Weekly Cyber Security News 10/06/2016

A selection of this week’s more interesting vulnerability disclosures and cyber security news.

This week, while there has been more large data troves being revealed for sale on the internet, I thought this one has gone under the radar:

• Wi-Fi hack can disable Mitsubishi Outlander’s anti-theft alarm white hats (The Register)
• Researchers Hack Mitsubishi Outlander PHEV (SecurityWeek)

Vehicle hacking is still a concern even though many manufactures are trying, at one end of the spectrum to smother any published results to those that are responsible to actually address the problem. Along with this industry we have the whole IoT security nightmare, that any kind of risk to compromise is just an afterthought (if that) as its all about getting goods to consumers first.

Back to the data troves and other news then…..

• 100 million credentials from ‘Russia’s Facebook’ go on sale (The Register)
• 32.8 Million Twitter Credentials May Have Been Leaked (InfoRiskToday)
• CVE-2016-4326 The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for Chef allows remote attackers to execute arbitrary code via crafted serialized data in a cookie.
• Facebook founder Zuckerberg’s social media accounts restored after alleged hack (Yahoo Security)
• French Bamp;Q equivalent ‘hacked’ to offer visitors vulgar DIY tools (The Register)
• Millions of ‘must be firewalled’ services are open to the entire internet research (The Register)
• On her microphone’s secret service: How spies, anyone can grab crypto keys from the air (The Register)
• Sophos U-turns on lack of .bat file blocking after lt;igt;El Reglt;/igt; intervenes (The Register)
• Stolen LinkedIn Data Used in Personalized Email Attacks
• TeamViewer beefs up account security after rash of PC, Mac hijacks (The Register)
• Twitter: Don’t know where hackers got those logins but it wasn’t from us (The Register)
• Warning: Change your Twitter password immediately (Yahoo Security)
• Facebook Patches Vulnerability in Messenger App
• Why does an Android keyboard need to see your camera and log files and why does it phone home to China? (The Register)
• CVE-2015-7695 (debian_linux, zend_framework) The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
• Samsung Patches Device Takeover Vulnerability in Galaxy Device
• Bugtraq: WordPress Levo-Slideshow 2.3 Arbitrary File Upload Vulnerability WordPress Levo-Slideshow 2.3 Arbitrary File Upload Vulnerability