Weekly Cyber Security News 20/01/2017

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A few interesting articles surfaced in this week that highlight the state of cybercrime risk. Yes, there is obviously nation state, global political and idealogical risk, much of this perceived threat being stoked by sensationalist news reporting. How much of that will directly affect us on a day-to-day level? Perhaps none of it until something huge happens.

For the vast majority of the case its low level fraud and ID theft that affects us and from the links below its quite startling the amount of people who have been affected by this. It is easy for us to fear the focus on potential larger scale risks and ignore what is right in front of us, this is only human, but to just accept that we might be ripped-off as a fact of life can’t be right. Is there any solution to this? Maybe, maybe not, though it could come down to just the usual vigilance for unusual activity, healthy and robust credential management and, the most important, watching those damned phishing email!

• Shocking crime surge THE TRUTH: England, Wales stats now include hacking and fraud (The Register)

• What’s the biggest danger to the power grid? Hackers? Terrorists? Er, squirrels (The Register)

• Survey Says 66% Of Consumers Won’t Work With Breached Companies Customers are willing to take risks online yet hold businesses responsible for protecting their data.

On a lighter note here is the rest of the crazy security news….

• Carbanak Hackers Use Google for Command and Control (SecurityWeek)

• Clash of Clans Forums Accounts Have Been Hacked Costea Lestoc reports

• Dodgy Dutch developer built backdoors into thousands of sites (The Register)

• Dovecot mailserver graded ‘nearly impenetrable’ (The Register)

• Dutch Coder Accused of Website Backdoor Fraud Spree (InfoRiskToday)

• Dutch Cops to Warn 20,000 of Email Account Hack Phil Muncaster reports

• Elasticsearch Servers Latest Target of Ransom Attacks

• Fraudsters use sham UK charity appeals to steal money via emails, social media (Yahoo Security)

• Google reveals its servers all contain custom security silicon (The Register)

• Insecure Hadoop installs next in ‘net scum crosshairs (The Register)

• Just give up: 123456 is lt;igt;stilllt;/igt; the world’s most popular password (The Register)

• Kill it with fire: US-CERT warns admins to dump Server Message Block (The Register)

• Mirai author named as operator of DDOS protection service (The Register)

• No Backdoor, but WhatsApp Can Snoop Encrypted Conversations (SecurityWeek)

• Novel Contributions to the field How I broke MySQL’s code-base (Part 2)

• Ransomware cretins smacked 1 in 3 NHS trusts last year (The Register)

• Reported backdoor in WhatsApp is in fact a features, defenders say (ArsTechnica)

• Spotted: Surprising Lull in Locky and Dridex Attacks (InfoRiskToday)

• These Were the Most Common Passwords Used in 2016

• Western Union to Pay $586 Million in US Fraud Settlement (InfoRiskToday)

• ATM Malware Retooled to Strike More Machines (InfoRiskToday)

• Brilliant phishing attack probes sent mail, sends fake attachments (The Register)

• McDonald’s Website Flaws Allow Phishing Attacks (SecurityWeek)

• Devs reverse-engineer 16,000 Android apps, find secrets and keys to AWS accounts (The Register)

• Hacker cracks Facebook with remote code execution bug (The Register)

• That critical ImageTragick bug Ars warned you about? It cost Facebook $40k (ArsTechnica)

• Security Audit Finds No Major Flaws in Dovecot (SecurityWeek)

• US-CERT Issues Warning After Hackers Offer SMB Zero-Day