Weekly Cyber Security News 17/08/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Been a strange week, always is, but this time some really dumb self inflicted breaches and own goals that defy belief. What I will focus on this week is the future, the dark looming cloud that is brewing from badly thought-out out approaches to dealing with an age old problem.

First up, is what appears to be a disturbing heavy handed approach to dealing with a genuine concern. Will this spread to other locations or just a blip?

• Vegas hotel room checks raise privacy, safety concerns at Def Con, Black Hat

Now, I do regularly moan about IoT; we all do right? Perhaps the only ones not are the lawyers who are standing by sharpening their knives. There have been a few casualties over the years, though a large outright fail has to happen soon, too many are poking it with sticks. I want to be as far away as possible when it does!

• Black Hat 2018: IoT Security Issues Will Lead to Legal ‘Feeding Frenzy’

OK, I lied about looking into the future, I’m sure you will get over that with such a fun and integrating attack vector. Makes me want to try and find an old fax machine to take a look, not that I’ve seen one in years mind…

• Beware the Fax Machine: Some Hackers Target Old Gadgets

 

The other nonsense:

• GoDaddy Exposes System Map and Business Strategy Info on AWS

• Comcast breach exposes 26.5m customer’s Social Security Numbers and partial addresses Cory Doctorow reports

• Toronto man sues Facebook $500,000 for ‘anxiety’ related to Cambridge Analytica breach

• 2018 Pwnie Awards: Who Pwned, Who Got Pwned A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.

• Amazon AWS error exposes info on 31,000 GoDaddy servers Mallory Locklear reports

• Apple zero-day exposes macOS to Synthetic Mouse-Click attacks

• BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

• Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles Famous car hackers Chris Valasek and Charlie Miller

• Cosmos Bank – Hackers stole Rs 94 crore ($13.5 million) in just in 2 days

• Flaws in ATM Dispenser Controllers Allowed Hackers to Steal Cash

• Google Services Track User Movements In Privacy Faux Pas A recent report found that Google services with functions like checking maps, the weather, and search are tracking users even when they deny permission.

• Hacker Unlocks ‘God Mode’ and Shares the ‘Key’ A researcher proves that it’s possible to break the most fundamental security on some CPUs.

• Hacking pacemakers, insulin pumps and patient’s vital signs in real-time

• Hundreds of Instagram accounts were hijacked in a coordinated attack

• IETF Publishes TLS 1.3 as RFC 8446

• Instagram Hack: Hundreds Affected, Russia Suspected Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.

• Melbourne teen hacked into Apple’s secure computer network, court told Erin Pearson reports

• Microsoft ADFS Vulnerability Lets Attackers Bypass MFA

• New Trickbot Variant Touts Stealthy Code-Injection Trick Trickbot is back, this time with a stealthy code injection trick.

• Open MQTT Servers Raise Physical Threats in Smart Homes Misconfigured DIY smart-home hubs

• Researcher Finds Hundreds of Planes Exposed to Remote Attacks

• Smart Irrigation Systems Expose Water Utilities to Attacks

• UK: Butlin’s admits 34,000 guest records stolen in hack Alexander J. Martin reports

• Victims Lose Access to Thousands of Photos as Instagram Hack

• Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities

• Weakness in WhatsApp Enables Large-Scale Social Engineering Problem lies in WhatsApp’s validation of message parameters and cannot be currently mitigated, Check Point researchers say.

• 50,553,664 GOMO app user’s information exposed – researcher By Lee Johnstone and Dissent Doe

• IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships Researcher Ruben Santamarta shared the details

• UK Police Deploy Homemade Mobile Fingerprint Scanners

• Hackers can edit and delete police bodycam footage or weaponize devices with malware

• Experts explained how to hack macs in enterprises through MDM

• Google tracks user’s movements even if they have disabled the ‘Location History’ on devices

• Google Tracks Your Movements, Like It or Not

• Kaspersky VPN Bug Leaked DNS Lookups

• Security expert discovered a bug that affects million Kaspersky VPN users

• Faxploit – Critical flaws potentially exposes millions of HP OfficeJet Printers to hack

• Foreshadow: New Speculative Execution Flaws Found in Intel CPUs

• Hack mobile point-of-sale systems? Researchers count the ways

• Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

• Microsoft Patches Zero-Day Flaws in Windows, Internet Explorer

• New PHP Exploit Chain Highlights Dangers of Deserialization

• Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw