Weekly Cyber Security News 09/11/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Big news out this week of a serious chained fault on WordPress. If you are running WooCommerce then you had better dive in and check this article to make sure you are not exposed:

• WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover

A couple of weeks back I mentioned a curious phase of targeting publishers for some unknown reason. Well, I wonder if they were really aiming for this:

• Bowker Investigating Breach of ISBN Site

Ahhhhh…. Takes me back….. I remember my first exposure to security threats was back in 1989-90 when Cascade and Vienna viruses were spreading. I was working at a publisher and we thought it would be advantageous to try out the Norton Antivirus thing, just a precaution though, we should be safe, we were on an isolated network….. Oh dear. Riddled. Everywhere. Cleaned up with minimal affected machines thankfully:

• The day computer security turned real: The Morris Worm turns 30 (ZDNet)

 

The other stuff you can take a look at…

• Adobe ColdFusion servers under attack from APT group
• Top Australia Defence company Austal notifies a serious security breach

• 30 spies dead after Iran cracked CIA comms network with, er, Google search new claim (The Register)

• Apache Struts Warns Users of Two-Year-Old Vulnerability Users must update their vulnerable libraries manually.

• Australian Shipbuilder Hacked, Refuses to Pay Ransom (InfoRiskToday)

• Cambodia”s ISPs hit by some of the biggest DDoS attacks in the country”s history (ZDNet)

• Cisco removed its seventh backdoor account this year, and that”s a good thing

• Cyber attack exposes sensitive data about a nuclear power plant in France

• Cyber-crooks think small biz is easy prey. Here”s a simple checklist to avoid becoming an easy victim (The Register)

• Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server (ZDNet)

• Dutch cops hope to cuff “hundreds” of suspects after snatching server, snooping on 250,000+ encrypted chat texts

• Elon Musk Bitcoin Scammers Hijack Verified Status Accounts

• GDPR USA – “A year ago, hell no … More people are open to it now” House Rep says EU-like law may be mulled (The Register)

• Hackers are increasingly destroying logs to hide attacks (ZDNet)

• Huawei denies foreign network hack reports (ZDNet)

• Intel CPUs impacted by new PortSmash side-channel vulnerability (ZDNet)

• Privacy International Files GDPR Complaints

• Security Bug in Icecast Puts Online Radio Stations At Risk

• Several Vulnerabilities Patched in nginx

• Shipbuilder, defense contractor Austal reveals data breach

• SIM Swap Danger as Telco Staff Waive ID Checks

• SMBs: We don”t want to spoil all of this article, but have you patched, taken away admin rights, made backups yet?

• Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it”s really, really dumb)

• Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet (The Register)

• Strange snafu misroutes domestic US Internet traffic through China Telecom

• Supply-chain attack on cryptocurrency exchange gate.io

• University shuts down network to thwart Bitcoin cryptojacking scheme (ZDNet)

• Web domain owners paid EasyDNS to cloak their contact info from sight. It was blabbed via public Whois anyway

• What”s that? SSH can still use RC4? Not for much longer, promise

• World Wide Web Inventor Wants New ‘Contract’ to Make Web Safe

• November Android Security Update Fixes Critical Bugs, Drops Media Library

• Private Messages for 81k Hacked Facebook Accounts Being Sold Online

• Shellbot Botnet Targets IoT devices and Linux servers

• Evernote Flaw Allows Hackers to Steal Files, Execute Commands

• Oops: Cisco accidentally released in-house Dirty COW exploit attack code with software installer

• VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available