A selection of this week’s more interesting vulnerability disclosures and cyber security news. Now I’m always interested by automotive hacks, but what really grabbed my attention was messing around with ships. I’ve had some exposure to navigation systems and I can quite believe it to be honest:
- Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen Pen Test Partners demonstrates how to send vessels off-course or even onto a path to collision, fairly easily.
Have you checked what Docker containers you have running recently?
- Malicious Docker Containers Earn Cryptomining Criminals $90K Researchers said over a dozen malicious Docker images available on Docker Hub allowed hackers to earn $90,000 in cryptojacking profits.
And finally, a curious and catastrophic attack which leaves many more questions open, such as (apart from how it spread so quickly): given that the system was completely out, why only take so little compared to other SWIFT attacks? Did they just strike ‘lucky’ in that the outage was bigger than they thought?
- Banco de Chile Wiper Attack Just a Cover for $10M SWIFT Heist The wiper malware affecting 9,000 workstations and 500 servers inside Chile’s largest financial institution turns out to have been a distraction.
The rest of the news:
- Dixons Carphone Hack Compromises 5.9M Payment Cards The UK electronics retailer says the hack, which began last July, also involves 1.2M personal data records.
- Facebook Bug Sets 14M Users’ Settings to ‘Public’ The default sharing setting was accidentally changed for millions of accounts during a four-day period last month.
- Foscam Issues Patches For Vulnerabilities in IP Cameras Researchers found three vulnerabilities in Foscam connected security cameras that could enable a bad actor to gain root access knowing only the camera’s IP address.
- In Pursuit of Cryptography’s Holy Grail Homomorphic encryption eliminates the need for data exposure at any point, something that certainly would be welcome these days.
- Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets Lenovo patches several popular tablet models to protect against BlueBorne vulnerabilities first identified in September 2017.
- Microsoft Fixes 11 Critical, 39 Important Vulns The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
- Operation Prowli Profits On Weak IoT Devices, Servers A new malicious campaign has compromised more than 40,000 machines globally to monetize via traffic hijacking and cryptomining.
- Unprotected Server Exposes Weight Watchers Internal IT Infrastructure Researchers found that a critical Weight Watchers server revealed its internal IT infrastructure.
- VPNFilter Malware Impact Larger Than Previously Thought Researchers said they now believe the malware has infected twice as many router brands as previously stated and that the malware packs a much deadlier punch.
- 7 Variants (So Far) of Mirai Mirai is an example of the newest trend in rapidly evolving, constantly improving malware. These seven variants show how threat actors are making bad malware worse.
- Facebook Software Bug Made Some Private Posts Public: 14 Million Affected A Facebook glitch in May set millions of posts that users composed to public for ten days.
- Adobe Patches Critical Flash Player Bug With Active Exploit A critical Adobe flaw is being exploited in targeted attacks against Windows users.
- New Hack Weaponizes the Web Cache Researcher exploits design flaws in Web caching to take control of popular websites, frameworks and the Mozilla Firefox browser infrastructure.
- Two Bugs in WordPress Tooltipy Plugin Patched The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability.