Cyware Weekly Threat Intelligence, November 25 - 29, 2019

Weekly Threat Briefing • November 29, 2019
Weekly Threat Briefing • November 29, 2019
The Good
Yet another week has passed by, and it was bustling with activity in cyberspace — both ethical and otherwise. Let’s begin the weekly review of cybersecurity happenings with the positive ones. The Finnish Transport and Communication Agency Traficom announced that cybersecurity labels for IoT devices would be issued. SoniTalk, a new method for near-field communication focused on security, has been made freely available. In other news, researchers from the National Tsing Hua University (NTHU) have developed a new cryptographic technique to transmit encrypted messages.
The Bad
Cyber incidents were reported in plenty this week. In a massive breach this week, an open database exposed the data of over 1.2 billion people. Facebook and Twitter disclosed that the data of hundreds of Android users may have been improperly accessed after their accounts were used to log in to Google Play Store apps. Meanwhile, Adobe disclosed that its Magento Marketplace suffered a security breach impacting the account details of registered users.
New Threats
This week witnessed the emergence of several new malware strains and vulnerabilities. Thousands of Android applications were reported to be impacted by a GIF processing vulnerability that was recently disclosed. The Common Weakness Enumeration (CWE) list of the 25 most dangerous software vulnerabilities has been updated for the first time in eight years. In other news, security experts have reported that the new Dexphot malware has infected more than 80,000 computers.