Internet Security Week - Edition No. 40

News on the blog!

Updates and improvements are needed throughout work, so our newsletter is now called Internet Security Week .

In edition 40, 350 thousand beads of Spotify kidnapped, attack can steal a car in 90 seconds, penalty for cases of electronic crimes and much more.

News

Baidu leaks data from millions of app users on Android

Baidu Maps and Baidu App exposed telephone information and exclusive equipment numbers; Applications had already been banned from the Play Store.

By Leticia Rinient in Digital Look

TSE assumes that DDOS attack dropped app e-Title during the elections

The Superior Electoral Court (TSE) assumed that the attack of DDOS that suffered during the first round of municipal elections on Sunday (15) “may have caused instability in the E-Title application and the Electronic Judicial Process System (PJe)”.

By Guilherme M. Petry in The Hack

About 350,000 Spotify accounts were kidnapped through Credential Stuffing attacks

Researchers have discovered an exposed database that contained data with 380 million records, including access passwords that were used to kidnap almost 350,000 accounts.

By Amer Owaida in We Live Security

Attack can steal a Tesla Model X in 90 seconds

The company is launching a patch for vulnerabilities, which allowed a researcher to break a car in 90 seconds and leave.

By Andy Greenber in Wired

New Ransomware Egregor operates with double extortion attacks

Safety experts say double extortion attacks are a trend among ransomware operators.

In Ciso Advisor

Senate hardens sentence for cases of electronic crimes

The Senate approved last Wednesday (25) Bill (PL) 4554 /2020, by Izalci Lucas (PSDB-DF). The text determines an increase in penalties for those who commit electronic fraud.

By Rui Maciel in Canaltech

Bug allows to circumvent the authentication in two factors in CPANEL

Web server management software has been installed in more than 70 million domains; Failure is serious, but has already been corrected.

By Rafael Rivos in Look Digital

Smart bells send non -encrypted data to China and can be easily invaded

The British Consumer Rights Group, Witch?, Found vulnerabilities of all levels of safety at 11 different smart bells (IoT). Vulnerabilities were found in partnership with NCC Group security researchers.

By Guilherme M. Petry in The Hack

SAD DNS - Vulnerability Analysis that allows DNS poisoning attacks

Researchers have discovered a way to allow the return of DNS poisoning attacks. In this post, we analyze how this vulnerability works and have separated some tips on how to mitigate it.

By Alan Warburton in We Live Security

Hackers that can be Chinese they spy back the Vatican

The attacks are from the Mustang Panda group, and reach organizations that participate in the relations between the Vatican and the Chinese Communist Party.

In Ciso Advisor

Brazil is one of the most targeted countries for major hacker attacks; understand

In the 2019 survey of the Itu (International Union of Telecommunications), the country is in 70th place. In the Americas, it has sixth place, behind Paraguay.

By Felipe Oliveira in Tilt UOL

How to prevent a cyber attack: for small businesses

See many reasons to worry about the dangers of the internet, especially if the environment is business, and even worse, if it is from a small or medium company.

By Kelvin Zimmer on Lumiun Blog

Cyberteam: Group that invaded the TSE already attacked 61 other Brazilian sites

The authorship of the attacks carried out to the Superior Electoral Court (TSE) is confirmed that culminated in the disclosure of various personal data of employees of the agency well on the day of municipal elections of 2020.

By Ramon de Souza in Canaltech