Weekly Cyber Security News 15/09/2017

 

A selection of this week’s more interesting vulnerability disclosures and cyber security news. The nightmare of the Equifax breach keeps on deepening, most of which appears to be self inflicted:

• Equifax data breach aftermath: lawsuits and criticism mount, stock prices plummet

• FTC Opens Probe into Equifax Data Breach
• Equifax Gets Slammed, Removes Forced Arbitration Clause from Credit Monitoring Offer
  
• Hacked Equifax data up for sale?

 

MongoDB back in the news when we thought everyone had learnt from the last time round. Apparently not. In fact some indications of repeat victims who obviously didn’t learn from their experience!

• MongoDB Tightens Security Amid New Database Attacks

 

An interesting story of what appears to have been the purchase of an established WordPress plug-in business with the intent on weaponising it. Could we see more of this?

• Backdoored Plugin Impacts 200,000 WordPress Sites

 

In other news Android takes yet another beating and last week’s dolphin is still swimming like mad:

• Backdoored RAT Builder Kit Offered for Free

• Billions Of Bluetooth Devices Vulnerable To Code Execution, MITM Attacks IoT security vendor Armis this week disclosed a total of 8 zero-day bugs in Bluetooth implementations in Android, Windows, Linux, and IOS.

• Billions of Devices Potentially Exposed to New Bluetooth Attack

• EU Defense Ministers Put to Test in Mock Cyberattack

• Mozilla Implements Faster Diffie-Hellman Function in Firefox

• Secure Kernel Extension Loading in macOS Easily Bypassed: Researcher

• Translate.com Exposes Highly Sensitive Information in Massive Privacy Breach

• UP STF busts gang which hacked secure source code to crack Aadhaar, issued fake biometric cards Shashank Shekhar reports

• Why Relaxing Our Password Policies Might Actually Bolster User Safety

• Unpatched D-Link Router Vulnerabilities Disclosed

• Linux Malware Could Run Undetected on Windows

• New Attack Abuses CDNs to Spread Malware

• ‘ExpensiveWall’ Attacks More Than 1 Million Android Users

• Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine

• .NET Zero-Day Flaw Exploited to Deliver FinFisher Spyware

• Adobe Patches Two Critical Flaws in Flash Player

• Apache Struts Flaw Increasingly Exploited to Hack Servers

• Apache Struts Flaw Reportedly Exploited in Equifax Hack

• Equifax Confirms Apache Struts Flaw Used in Hack

• Microsoft Patches Zero-Day, Many Other Flaws