A selection of this week’s more interesting vulnerability disclosures and cyber security news. A bumper crop this week; in fact, I’ve had to trim the items down considerably, even going as far as to skip my usual IoT comments. The remaining gems are still thought-provoking, with the first being a classic: a third-party data breach. Quite an epic one. Don’t think I need to explain it any more than that:
It’s holiday season for many. Are you looking to take something to read on the beach? I really suggest taking this; you might also want to take a notepad, as I’m sure it will give you plenty of ideas for things to do when you get back to work!
We’ve seen a number of further Spectre and Meltdown vulnerabilities emerge, and much like the Rowhammer attack, we’re now about to see another hardware bug come under attack remotely. Need to keep an eye on how this vector develops:
More light reading:
- 24 Sentenced in India-Based Call Center Operation: The scheme targeted US residents with fraudulent phone calls and conned victims out of hundreds of millions of dollars.
- D-Link, Dasan Routers Under Attack In Yet Another Assault: Dasan and D-Link routers running GPON firmware are being targeted by hackers in an attempt to create a botnet.
- Hackers stole data of PM Lee and 1.5 million patients in ‘major cyberattack’ on SingHealth: Today reports
- Pinterest Browser Extension Injects Unwanted Code into 5K Websites: A Pinterest browser button leaks malformed code into any browser-based text editor.
- Regional Virginia Bank Falls Victim to Coordinated $2.4M ATM Heist: The bank is also suing its insurance carrier for not covering the full extent of the damage.
- Skills That a ‘Next-Level’ Pentester Should Have: Top tier penetration testers are a breed of their own. Here is how to make sure your pentester is topnotch.
- Spectre Will Haunt Us For a Long Time: These vulnerabilities have existed for over 20 years, and we are not even close to closing the door on these significant risks.
- ThreatList: A Ranking of Airports By Riskiest WiFi Networks: Airport TSA agents don’t check terminals for insecure WiFi networks, so stay on your toes when using hotspots at these airports.
- Highly Sophisticated Parasite RAT Emerges on the Dark Web: This brand-new RAT represents the latest escalation in an ongoing malware arms race that extends even to commodity malware.
- ‘Password Check Required’? Not So Fast: The most successful phishing emails tell users to check their passwords or investigate security alerts.
- Privacy Questions Raised as Tech Giants Join Forces on Data Portability: Security researchers have concerns about the privacy implications of Google, Facebook, Microsoft and Twitter’s Data Transfer Project.
- Bugs in Samsung IoT Hub Leave Smart Home Open To Attack: Researchers found 20 flaws in Samsung’s SmartThings Hub controller opening up supported third-party smart home devices to attack.