Weekly Cyber Security News 23/03/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Interesting week once again. I will skip any comment on AMD and Facebook, way too much said already and some links below, what I will pick out from my trove of reports are some interesting insights to where bad actors are finding information to use. The first up is an amusing experiment with MongoDB. The interesting facts are that while it was scanned by a number of endpoints, none bothered to progress to attack until it appeared on Shodan. Can we assume from this that attackers focus on a narrow range of targets that match their skill set rather than have a go at anything they can find?

• How long does it take for a MongoDB to be compromised? Hint: not very long

Another project fishing for IAM abuse also finds similar patterns. Attackers interested in certain types of information limit their scopes, again, to a narrow selection of sources.

• Hunting Cybercriminals with AWS Honey Tokens

A curious breach too with this one. We all hear that cryptocurrency mining is now the preference for bad actors to make money, but is it a lost opportunity that a breach of a site that would be exposing a large amount of intellectual property wasn’t actively used, and instead was just used for mining? Curious…

• Coverity Scan Hacked, Abused for Cryptocurrency Mining

 

Other news….

• Firefox Fails at Keeping Passwords Secure, Developer Claims

• Android Trojan Leverages Telegram for Data Exfiltration

• Expedia’s Orbitz says 880,000 payment cards hit in breach Reuters reports

• Hackers Steal Payment Card Data on 880K from Expedia Orbitz Expedia announces a breach exposing 880,000 customer records to the world.

• National Lottery hacked: 10.5m players are warned to change their passwords Sean Poulter reports

• Online Sandbox Services Used to Exfiltrate Data: Researcher

• Criminals Using Web Injects to Steal Cryptocurrency

• Facebook CISO Stamos to Depart from the Social Media Firm: Report

• Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens

• He tried to tell you you’re leaking data. Even after you stupidly blocked himng

• Puerto Rico’s Electric Utility Hacked in Weekend Attack Service was disrupted but no customer records compromised, officials said.

• GandCrab Ransomware Goes ‘Agile’

• 18.5 Million Websites Infected With Malware at Any Time

• Azure Guest Agent Design Enables Plaintext Password Theft Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.

• Not a breach, Facebook says after suspending firm that took 50M Facebook user’s data

• PinkKite POS Malware Is Small but Powerful

• Suspending Cambridge Analytica and SCL Group from Facebook So Facebook is still standing by their “this is not a breach” assertion

• AMD Chip Flaws Confirmed by More Researchers

• AMD Says Patches Coming Soon for Chip Vulnerabilities

• Apple Addresses HSTS User Tracking in WebKit

• Facebook Suspends Trump Campaign Data Firm Cambridge Analytica

• Google, Twitter Security Chiefs Leaving Companies

• Hackers Tried to Cause Saudi Petrochemical Plant Blast: NYT

• Oil and Gas Sector in Middle East Hit by Serious Security Incidents

• Orbitz Data Breach Impacts 880,000 Payment Cards