A selection of this week’s more interesting vulnerability disclosures and cyber security news.
The Bangladesh vs SWIFT blame game rolls on with suspicion of miss use of the SWIFT network, and strangely, links to the Sony hack:
- Investigations Into Bangladesh Bank Heist Indicate ?Inside Job? FBI suspects bank worker may have acted as accomplice in the $81 Million theft.
- SWIFT network wasn’t hacked in $81 million Bangladesh heist : CEO (Yahoo Security)
- SWIFT says second bank hit by malware attack (Yahoo Security)
In other news, yes other things have been happening, we have some massive data dumps, scams and the end of TeslaCrypt:
- Americans cutting back on online activity over security and privacy fears (The Register)
- Britain’s GCHQ Spies Are on Twitter, Officially
- CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability
- Chrome to Deprecate Flash in Favor of HTML5 (SecurityWeek)
- Critical Vulnerability in Symantec AV Engine Exploited by Just Sending an Email
- Dark web hacking forum hacked and members’ privates exposed (The Register)
- Flash zero day phished phoolish Microsoft Office users (The Register)
- GhostShell Leaks Data From 32 Sites In ?Light Hacktivism? Campaign After a few months of silence, the Romanian hacktivist is back to expose the dangers of leaving FTP ports unprotected.
- Google to Soon Kill SSLv3, RC4 Support in Gmail (SecurityWeek)
- LinkedIn Breach: Worse Than Advertised (InfoRiskToday)
- RunKeeper acknowledges location data leak to ad service, pushes updates (ArsTechnica)
- Sainsburys Bank insurance spam scam causes confusion (The Register)
- Tumblr Resets User Passwords Following Breach
Weekly Cyber Security News 20/05/2016
