A selection of this week’s more interesting vulnerability disclosures and cyber security news. Apart from lots of new threats emerging, we have some others not so obvious too. The first, and one that I’ve not seen mentioned before with all the frantic activity over GDPR, affects WHOIS and will have many tearing their hair out for a few months:
Following on from the ongoing escaped data from Facebook, we have another woeful leak from people that should know better:
- myPersonality app data leak exposed intimate details of 3m users. Phee Waterfield and Timothy Revell report.
And most of the news this week (at least at the start of the week) was over PGP and its vulnerability – or not. Good points on both sides but a storm in a teacup perhaps?
- Attention PGP Users: New Vulnerabilities Require You To Take Action Now. Danny O’Brien and Gennie Gebhart write.
The other news:
- PoS Malware ‘TreasureHunter’ Source Code Leaked. The leak of point-of-sale malware source code is a double-edged sword to researchers who view it as a boon to research, but a headache when it comes to inspiring future variants and attacks.
- Rail Europe Notifies Riders of Three-Month Data Breach. Rail Europe North America alerts customers to a security incident in which hackers planted card-skimming malware on its website.
- Adobe Doles Out Second Round of Higher Priority Patches. Adobe has issued a round of higher priority patches less than a week after its Patch Tuesday updates last week.
- Attackers Use UPnP to Sidestep DDoS Defenses. Universal Plug and Play networking protocols can be exploited to bypass DDoS mitigations.
- Irish Data Protection Commissioner investigating cyber attack that claimed player details from World Rugby. Gavin Mairs reports.
- Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions. Sources said the funds were diverted to fraudulent accounts in a coordinated heist that involved hundreds of wire transfers and on-the-ground accomplices.
- New DDoS Attack Method Leverages UPnP. A new DDoS attack leverages unprotected UPnP routers to make attacks harder to stop.
- Nigerian BEC Scammers Growing Smarter, More Dangerous. Nigerian-based cybercriminals are growing more dangerous as they add sophisticated tools to their arsenal, including complex remote access trojans, a new report reveals.
- ‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies. A team of academic researchers has demonstrated that it’s possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants.