Weekly Cyber Security News 30/12/2016

A selection of this week’s more interesting vulnerability disclosures and cyber security news. We close the year with an interesting comment from an old breach at Ashley Madison: Bots are something to look for.

This year there has certainly been growth in chat bot development and use. Some which were very surprising (and disturbing) too, but what we’ve not perhaps considered is the security aspect: Can they be turned to illegal activities? This article does point out that Tinder has been fighting off bots that aim to extract credit card details. I think this could be the start of something new. Bots of course don’t sleep and are much more easier to deploy than a lot of people. Then we have many chat platforms out there including bot SDKs just to make it easier!

• Op-ed: Five unexpected lessons from the Ashley Madison breach (ArsTechnica)

Stay sharp folks!

The rest of the news…

• Hong Kong Airlines says sorry over passenger data leak EJinsight reports

• 10 Things InfoSec Pros Can Celebrate About 2016 There were a few items that passed for good news this year.

• Amazon Echo Now An Expert Murder Witness? (Forbes)

• Another Massive DDoS Closes Out 2016, But Mirai Not To Blame

• Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)

• Exclusive: Bangladesh police detail suspicions of inside help in central bank heist (Yahoo Security)

• How to protect secure shell on CentOS 7 with Fail2ban (TechRepublic)

• In an era of password leaks, Netflix tries extreme vigilance with mixed results (ArsTechnica)

• Massive Attack from New Leet Botnet Reaches 650 Gbps (SecurityWeek)

• Mozilla to Kill Firefox for Windows XP, Vista in 2017 (SecurityWeek)

• Multiple Vulnerabilities Impact ZyXEL Customized Routers (SecurityWeek)

• Oilpro.Com Founder Pleads Guilty to Hacking Competitor

• Police ask: Alexa, did you witness a murder? (ArsTechnica)

• SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074)

• TheDarkOverlord reveals three more attacks, with more to be revealed

• Trio charged with $4m insider trading by hacking merger lawyers (The Register)

• Destructive KillDisk Malware Turns Into Ransomware

• Fileless Malware Takes 2016 By Storm In-memory attacks are all the rage, creating a growing class of _non-malware._

• How to install malware detection and antivirus on CentOS 7 (TechRepublic)

• Threat Actors Bring Ransomware To Industrial Sector With New Version of KillDisk

• As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify Catalin Cimpanu reports

• Clever Facebook Hack Reveals Private Email Address of Any User Tom Spring reports

• Netgear plays down router security flaw (The Register)

• Vulnerabilities Plague PHP 7’s Unserialize Mechanism