Weekly Cyber Security News 19/01/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Well, it seems 2018 has really got back into the swing of nasty things occurring. I don’t doubt you noticed the huge amount of spam email this week choking servers around the world. The highest (according the to the CBL stats I saw) for a year. I did have a chat on Twitter with a few about it while it was ongoing and the view was as it appear to mostly be a phishing exercise (no malware payload to increase the size of each mail) the volume was that much greater. The storm did pass and I wonder if that was just a testing phase, especially with recent news of developments in botnets such as:

• Mirai Variant Targets ARC CPU-Based Devices

That email storm was certainly from a distributed source. Was someone playing with a new one? This then poses the question: Where does the estimate below now sit?

• BEC Attacks to Exceed $9B in 2018: Trend Micro

A particularly interesting analysis of an industrial control system attack I might have previously mentioned. Again, at this level of attack and obvious target, it doesn’t bare thinking about the consequences:

• Triton Malware Exploited Zero-Day in Schneider Electric Devices

• Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT

 

The rest of the messy news:

• Adminer <= v4.3.1 Server Side Request Forgery

• ‘Professional’ hack on Norwegian health authority compromises data of three million patients Sooraj Shah reports

• Backdoor Found in Lenovo, IBM Switches

• Blackwallet hacked: Report There are reports tonight that Blackwallet has been the victim of a  DNS hijack.

• Booby-Trapped Messaging Apps Used for Spying: Researchers

• Four Malicious Google Chrome Extensions Affect 500K Users ICEBRG Security Research team’s finding highlights an often-overlooked threat.

• Hackers Have Walked Off With About 14% of Big Digital Currencies Olga Kharif reports: In less than a decade, hackers have stolen $1.2 billion worth of Bitcoin and rival currency Ether, according to Lex Sokolin, global director of fintech strategy at Autonomous Research LLP

• Half Million Impacted by Four Malicious Chrome Extensions

• Intel Tests Performance Impact of CPU Patches on Data Centers

• MailChimp Found Leaking Email Addresses Tara Seals reports

• Stack Ranking SSL Vulnerabilities: The ROBOT Attack

• This hacker is rating software security Consumer Reports-style

• Threat Actors Quickly Adopt Effective Exploits

• ‘MaMi’ Mac Malware Hijacks DNS Settings

• Crypto-Mining Attack Targets Web Servers Globally

• Fake Meltdown/Spectre Patch Installs Malware

• New KillDisk Variant Spotted in Latin America

• Flaws Allowed Facebook Account Hacking via Oculus App

• Skygofree: Powerful Android spyware with advanced surveillance tools

• DNS Servers Crash Due to BIND Security Flaw

• Researchers Earn $100,000 for Hacking Pixel Phone

• Researchers Offer ‘a VirusTotal’ for ICS Free online sandbox, honeypot tool simulates a real-world industrial network environment.

• Salted Hash Ep 14: Are mass transit systems the next big target?