Weekly Cyber Security News 30/09/2016

A selection of this week’s more interesting vulnerability disclosures and cyber security news.

Following on from last week’s boundary issues, the can of worms that is flaky firmware on routers surfaced with the exposure of some serious issues in D-Link routers. I’ve previously pulled up other examples of lazy (in)security problems on such devices and it won’t go away. Another article too below from an industrial control perspective, while not quite your usual home IoT nightmare, it still has the same issues but the costs are much higher. For most, the awareness of what risk there is from a consumer device being plugged-in is going to be nil. We trust the things we are sold and assume they will have been designed in our best interests. Again, for everything that hits the home (or even business) network, I’m warming to Google’s view that you can’t let the trust-point be at the network perimeter any more. The local LAN should be classed as a risk, not as high as outside of course, and the devices are the last line…. Well maybe….

 

• D-Link DWR-932 B owner? Trash it, says security bug-hunter (The Register)

• Why operational technology must be addressed to secure industrial IoT (TechRepublic)

• Vulnerabilities, Backdoors Found in D-Link Mobile Hotspot (SecurityWeek)

• Multiple vulnerabilities found in the Dlink DWR-932B (backdoor, backdoor accounts, weak WPS, RCE …)

 

And the rest….

• The Breach That Supposedly Isn’t a Breach (InfoRiskToday)

• A Pokemon Go guide infected thousands of phones (TechRepublic)

• Amy Schumer And Justin Bieber Ranked Highest In Annual Most Dangerous Celebrities Study (Forbes)

• As we speak, teen social site is leaking millions of plaintext passwords (ArsTechnica)

• Exclusive: U.S. seeks accused Manila banker’s help to crack Bangladesh heist (Yahoo Security)

• Necurs Botnet Fuels Jump in Spam Email (SecurityWeek)

• OpenSSL swats a dozen bugs, one notable nasty (The Register)

• OpenSSL’s security patches now need their own security patches (The Register)

• RIG Replaces Neutrino in Massive Malvertising Campaigns (SecurityWeek)

• The most dangerous celebrities to look up on Google (Yahoo Security)

• The security tsunami of the Internet of Things is coming, are you ready? (TechRepublic)

• Yahoo!; Answers used to cloak command and control networks (The Register)

• Locky Ransomware Drops Offline Mode

• No More Ransom takes a bite out of ransomware (TechRepublic)
  

• OpenSSL Patch for Low Severity Issue Creates Critical Flaw (SecurityWeek)