Weekly Cyber Security News 07/07/2017

A selection of this week’s more interesting vulnerability disclosures and cyber security news. OK, looks like I may have to take back what I said last week about the AA ‘dev bug’, looks like it was in fact a breach:

• The AA Exposed Emails, Credit Card Data, and Didn’t Inform Customers Joseph Cox reports

• Personal Details of 117,000 AA Shoppers Exposed

Talking about confusion, the story around this NotPetya is becoming the stuff of movies; miss-directions and double bluff. Have to say though, miss-direction is one of the tools used in all sorts of crimes. I suspect its going to go on for a long time yet, but, and I will possibly regret this by saying I bet the truth is not as exciting as it seems right now:

 

• NotPetya Operators Accessed M.E.Doc Server Using Stolen Credentials: Cisco

• Researchers Dissect Stealthy Backdoor Used by NotPetya Operators

• Updates to NotPetya Lead to Server Seizure at Ukrainian Software Firm

• Hackers Connected to NotPetya Ransomware Surface Online, Empty Bitcoin Wallet Lorenzo Franceschi-Bicchierai ?reports

• Hackers Linked to NotPetya Ransomware Decrypted a File For Us Joseph Cox and Lorenzo Franceschi-Bicchierai report

• NotPetya Decryption Key Sale Genuine or Curveball Charade?

 

Other stuff:

 

• 8tracks Hit With Breach of 18 Million Accounts

• 8tracks Prompts Password Reset After Hack

• Massive WWE Leak Exposes 3 Million Wrestling Fans Addresses, Ethnicities And More Thomas Fox-Brewster reports

• Bitcoin, Ethereum Stolen Following Bithumb Hack

• DeepMind’s Use of NHS Patient Data Contravenes Data Protection Act

• If you have health insurance anywhere, or are a Medicare patient in Australia, your data are up for sale on the darknet Paul Farrell reports

• NeutrinoPoS Old Trojan Shifts to New Targets

• KR: Fourth largest Bitcoin exchange, Bithumb, hacked for billions of Won Luke Parker reports

• Zero-Day Found in Humax WiFi Router

• Fake WannaCry Ransomware Uses NotPetya’s Distribution System

• CopyCat Malware Infects 14 Million Android Devices A new malware strain is discovered with a novel approach to infecting Android handheld devices with adware.

• Google Patches Critical Vulnerabilities in Android

• Microsoft Tackles Ransomware with Controlled Folder Access

• SQL Injection Vulnerability in WP Statistics If you’re using the WordPress plugin WP Statistics, you might want to stop and immediately read John Castro’s post