Weekly Cyber Security News 11/11/2016

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Yet another interesting week in cyber news. I will skip the Tesco Bank hack as we still don’t know for sure what happened other than a lot of money went from a lot of accounts. The bank has made a few odd comments which don’t help.

What has attracted my interest this week are two themes, the first are hits against two recruitment sites which could prove embarrassing or difficult for some people:

• Cisco jobs portal exposed personal data ITnews reports

• Open Database Exposes Millions of Job Seekers

• Recruitment giant PageGroup hacked, Capgemini dev server blamed for info leak (The Register)

The most interesting of course is back on the IoT bandwagon, and its impressive hack of ZigBee!

• IoT worm can hack Philips Hue lightbulbs, spread across cities (The Register)

The rest of the news:

• Tesco Bank Breach Sees Money Stolen From 20,000 Accounts (Forbes)
• Update: Tesco Bank refunds £2.5 million to customers after weekend’s security breach Anthony Spadafora reports
• Yahoo Reveals More Details About Massive Hack
• $10m of Bangladeshi SWIFT heist ended up in Philipino Casino (The Register)
• ‘Trust it’: Results of Signal’s first formal crypto analysis are in (The Register)
• Bangladesh Bank Team In Manila To Recover $15 Million Lost In Hack Philippine court orders return of part of the stolen money retrieved from casino boss to Bangladesh bank.
• Bank halts online transactions after money stolen from 20,000 accounts (ArsTechnica)
• Cyber fraudsters take money out of 20,000 Tesco Bank accounts (Yahoo Security)
• Finns chilling as DDoS knocks out building control system (The Register)
• Google boasts HTTPS adoption numbers, gives advice to businesses making the switch (TechRepublic)
• Hackers cook god-mode remote exploits against Edge, VMware in world-first (The Register)
• Hackers hit Scotland Yard’s site after arrests at Million Mask March John Simpson reports
• India trying to fix hacked websites of 7 of its embassies (Yahoo Security)
• Reg; meets ‘Lokihardt’, quite possibly the world’s best hacker (The Register)
• Microsoft Delays Retirement of EMET (SecurityWeek)
• Researchers’ Belkin Home Automation Hacks Show IoT Risks (InfoRiskToday)
• Tesco Bank ‘Hack’ Still a Mystery (SecurityWeek)
• Tesco cyber attack sparks fears other banks could be targeted (Yahoo Security)
• Turn off remote admin, SOHOpeless D-Link owners (The Register)
• Web of Trust (WOT) Add-on taken down by Chrome & Firefox Matthew Humphries reports
• What do you give a bear that wants to fork SSL? Whatever it wants! (The Register)
• World-leading heart hospital ‘very, very lucky’ to dodge ransomeware hit (The Register)
• Google to patch Chrome mobile hole after bank trojan hits 318k users (The Register)
• Fix for critical Android rooting bug is a no-show in November patch release (ArsTechnica)