Weekly Cyber Security News 22/09/2017

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Another surprising week it has been, always something going on, though for the two major ones of recent times such as Equifax and CCleaner, their situations seem to be evolving at quite a rate and for Equifax, rapidly down hill.

So many developments in how and when, plus of course mistakes in handling the breach just continue to pound at Equifax…

• Equifax Cybersecurity Failings Revealed Following Breach

• Equifax Exec Departures Raise Questions About Responsibility for Breach

• Equifax Security Chief, CIO to ‘Retire’ Immediately

• Equifax Sent Breach Victims to Fake Website

• Equifax CIO, CSO Step Down

• More details on the Equifax hack Wow. Just wow. Read this.
  
• Scammers Offer to Sell Data Stolen in Equifax Hack

 

A surprising twist to the CCleaner story. I bet we were all expecting it to be just the usual criminal attempts to steal stuff from the general public, but no, perhaps its a cover for a more elaborate campaign….

• Attack on Software Firm Was Sophisticated, Highly Targeted

• Avast CCleaner Compromised Amid Rise in Supply Chain Threats

• Avast-Owned Piriform Releases CCleaner Security Update The Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.

• CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft

 

This little article sent chills down my back this morning. I’m sure this will develop further over the coming weeks. Hopefully not in a bad way!

• Internet Providers Possibly Involved in FinFisher Surveillance Operations

 

 

Other nightmares…..

 

• Dutch Bitcoin Broker Litebit Suffers Second Data Breach in Six Weeks JP Buntinx reports

• Hack of U.S. Regulator a Blow to Confidence in Financial System

• Threat Report Says 1 in 50 iOS Apps Could Leak Data

• Vevo Hackers Leak – Then Delete – Huge Trove of Internal Videos, Documents Todd Spangler reports
• AWS Bucket Leaks Viacom Critical Data
  
• DigitalOcean Warns of Vulnerability Affecting Cloud Users

• Magento Patches Critical Vulnerability in eCommerce Platforms

• Millions Download Maliciously Modified PC Utility

• OurMine Claims Vevo Hack, Releases 3.12TB of Data

• SEC Says Intruders May Have Accessed Insider Data for Illegal Trading

• SEC Says It Was Hacked in 2016

• Twitter Suspends Nearly 1 Million Accounts Associated with Terrorism
  
• Viacom’s Secret Cloud Keys Exposed
  
• FedEx Profit Takes $300 Million Hit After Malware Attack
  
• New Spam Campaign Literally Doubles Down on Ransomware
• ‘Optionsbleed’ Flaw Causes Apache to Leak Data

• Internal Communications of Many Firms Exposed by Helpdesk Flaws

• Joomla Login Page Flaw Exposes Admin Credentials

• Nine Vulnerabilities Patched in WordPress