Weekly Cyber Security News 04/05/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. So many interesting snippets this week – in a disturbing way of course. We have a number of large breaches both self inflicted and the usual unsecured DB server, crypto-mining, ransomware and web scans for major products which were breached in hours after patches were released. Disturbing yes. Instead of all of those, the ones that drew my attention are a little more quirky. The first, especially if you happen to be in the EU is the growing alarm most are having over GDPR and I am really surprised the scammers have taken this long to start sending fake email. Its certainly going to get worse over the next couple of weeks so stay alert and don’t click on anything unless you are sure, and REALLY don’t on a mobile device where you can’t see the link you are about to follow:

• Hackers Leverage GDPR to Target Airbnb Customers Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.

Remote exploits on cars I find both particularly interesting and scary. This one went a little way in before the researchers felt it was too much to proceed further. Not sure if this is putting me off buying a new car or not… Might stick with my dumb non-connected one for a while longer…

• Car hackers find remotely exploitable vulnerabilities in Volkswagen and Audi vehicles

The Rowhammer attack is another of those curious methods that I’ve been interested in over the years, and seeing it slowly develop into a viable attack method raised little alarm – until now. Now it appears to be a credible threat at least on Android. Take a look: 

• Android Phones Vulnerable to Remote Rowhammer Attack via GPU

The other news: 

• China increases employee surveillance, creating its own Thought Police

• Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers Paul Farrell reports

• Data Breach Leaves Bezop ICO Participants Exposed Ian Edwards reports

• PDF Files Can Silently Leak NTLM Credentials

• Amazon Boosts Domain Protections in CloudFront

• APT28 Hackers Caught Hijacking Legitimate LoJack Software Catalin Cimpanu reports

• Australia’s Biggest Bank Loses 20 Million Customer Records

• CVE-2018-10718 Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.

• Do you have a Twitter account? If so, reset your password now From Twitter, May 3, posted by Paraga

• GitHub Exposed Passwords of Some Users

• Lojack Attack Finds False C2 Servers

• Privilege Escalation Bug Lurked in Linux Kernel for 8 Years

• Slack Releases Open Source Secure Development Lifecycle Tool

• The Digital Vigilantes Who Hack Back Nicholas Schmidle reports

• Trend Micro Scan Engine Used by North Korea’s SiliVaccine Antivirus

• Commodity Ransomware Declines as Corporate Attacks Increase

• MassMiner Attacks Web Servers With Multiple Exploits

• PoC published for BSOD, works on vulnerable Windows boxes even if PC is locked

• Researchers Dissect Tool Used by Infamous Russian Hacker Group

• Meltdown Patch in Windows 10 Can Be Bypassed

• Microsoft Security Update for Spectre V2, (Sat, Apr 28th)

• CVE-2017-18264 An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 4.0.10.20, 4.4.x, 4.6.x, and 4.7.0 prereleases

• Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch Catalin Cimpanu reports

• Hackers Target Poorly Patched Oracle WebLogic Flaw

• PyRoMine Crypto-Miner Spreads via NSA-Linked Exploit

• Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges

• WebLogic Exploited in the Wild (Again), (Thu, May 3rd)