Weekly Cyber Security News 27/01/2017

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Following on from my comments last week on the low level attacks and the high risk we face with either fraud or any form of privacy invasion, an article here reminds me of a conversation I had over the weekend. I was out with friends for a pleasant evening and conversation rounded on what I do for a living. Usually anything tech related ends up leaving everyone glazed over, however when I bring up the security related topics everyone becomes fascinated by the horror in which its so easy to be caught out. The worst of it is usually due to the vast about of internet history we leave behind, and that search engines do an amazing job at find things we thought we had left behind. I bought up one particular recent event where I was researching some specific item of jewellery for a friend and found comments they made about it a decade ago much to their embarrassment which I won’t go into!

Much information we leave scattered around can, for those that really have it in for us, be easily pieced together and used for whatever means.

• How I Would Hack Your Network (If I Woke Up Evil)

• Hacker Issues Twitter Security Fail Warning to Trump (InfoRiskToday)

• Telus releases Hamilton woman’s personal information to her stalker Adam Carter reports

And the rest of it…

• Has LeakedSource.com been raided by feds? Zack Whittaker reports

• NYS A.G. Schneiderman Announces Settlement With Acer After Data Breach Exposed More Than 35,000 Credit Card Numbers

• Rsync errors lead to data leak at Canadian ISP, KWIC Internet Steve Ragan reports

• As attacks grow, EU mulls banking stress tests for cyber risks (Yahoo Security)

• Bookish hacker finds holes in Amazon, Apple, Google epub services (The Register)

• Ca: Grey Eagle Resort & Casino hacked; hackers threaten to dump sensitive employee and customer info

• Charter just tweeted out the worst internet security tip of all time (Yahoo Security)

• Chrome 56 Patches 51 Vulnerabilities (SecurityWeek)

• Chrome dev explains how modern browsers make secure UI just about impossible (The Register)

• Delhi hackers, digital shoplifters who tampered data of e-commerce portals Shiv Sunny reports

• Dropbox bug sends years-old deleted files back to user accounts (TechRepublic)

• Expert Hacks Internal DoD Network via Army Website (SecurityWeek)

• Firefox bares teeth, attacks sites that collect personal data (The Register)

• Forget About Backdoors, This Is The Data WhatsApp Actually Hands To Cops (Forbes)

• Gmail to Block JavaScript File Attachments (SecurityWeek)

• Go dark with the flow: Lavabit lives again (The Register)

• Hacker Group Claims Responsibility for Lloyds Bank Outages, Ransom Demand Catalin Cimpanu reports

• Hackers Tear Apart Trend Micro, Find 200 Vulnerabilities In Just 6 Months (Forbes)

• Heartbleed Still Affects 200,000 Devices: Shodan (SecurityWeek)

• Human bot hybrid finds LinkedIn email, phone number-filching holes (The Register)

• It’s 2017 and 200,000 services still have unpatched Heartbleeds (The Register)

• Kid hackers break XSS defences, find hack hole in 2 million websites (The Register)

• Lavabit Reboots After FBI-Snowden Investigation Fallout (InfoRiskToday)

• LeakedSource website goes dark amid claims of police raid (The Register)

• Linux nasty kicks weak, hacked gadgets when they’re already down (The Register)

• Lloyds a victim of cyber attack that hit banking services (Yahoo Security)

• Lloyds Bank Hit By DDoS Attack Hacker fails to extort $93,600 from bank for the attacks between January 11 and 13, a report says.

• Lloyds Bank outage: DDoS is prime suspect (The Register)

• OpenSSL Patches Four Vulnerabilities

• Site that sold access to 3.1 billion passwords vanishes after reported raid (ArsTechnica)

• Stop calling all hacks with ransom demands ‘ransomware’ For the past year

• WD Patches Vulnerabilities in _My Cloud_ Products

• Western Digital fixes remote execution bug in My Cloud Mirror (The Register)

• Western Union coughs up $586m for turning a blind eye to fraud (The Register)

• Widely used WebEx plugin for Chrome will execute attack codepatch now! (ArsTechnica)

• Cisco’s WebEx Chrome plugin will execute evil code, install malware via secret ‘magic URL’ (The Register)

• Disk-nuking malware takes out Saudi Arabian gear. Yeah, wipe that smirk off your face, Iran (The Register)

• HummingBad malware returns in new, more annoying variant (The Register)

• Boffins break Samsung Galaxies with one SMS carrying WAP crap (The Register)

• Now theres a better way to prevent Facebook account takeovers (ArsTechnica)

• One Simple Bug Let This Guy Delete Any Facebook Video (Forbes)

• Ransomware app hosted in Google Play infects unsuspecting Android user (ArsTechnica)

• VXers gift their mates an Android bank-raiding app’s source code (The Register)

• Your Facebook account is now more secure than your bank’s (probably) (The Register)

• Cisco Patches Serious Flaws in Collaboration Products (SecurityWeek)

• Critical Vulnerability in Cisco WebEx Chrome Plugin, (Tue, Jan 24th)

• Penguins force-fed root. Cruel flaw found in lt;codegt;systemdlt;/codegt; v228 (The Register)