Weekly Cyber Security News 29/03/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. A day earlier than normal as the UK has two public holidays on Friday and Monday. Though such a nice weekend might not be for everyone due to the release of some nasty vulnerability notices.  Namely I’m talking about Drupal, though if you are reading this then you most likely care about security and will have patched already… I’m sure there will be a few out there who don’t get the message.

• Drupal to Patch Highly Critical Vulnerability This Week

• Drupalgeddon: Critical Flaw Exposes Million Drupal Websites to Attacks

A new and nasty looking bot is poking around it seems:

• GoScanSSH Malware Targets Linux Servers

An in an own goal, looks like something missed the QA process to remove from debug. Well, I’m assuming it was some testing code and they really didn’t intend to leave that in production….

• macOS High Sierra Logs External Volume Passwords in Plaintext

Other fun stuff:

• How ‘Hacker Search Engine’ Shodan Caught Leakage of 750MB Worth Of Server Passwords Update

• Canadian Firm Linked to Cambridge Analytica Exposed Source Code

• Hackers steal 2.6 million Haryana power consumer’s data, demand $10 million ransom in BTC

• Intel CPUs Vulnerable to New ‘BranchScope’ Attack

• 780 Days in the Life of a Computer Worm

• Kaspersky Lab Open-Sources its Threat-Hunting Tool ‘KLara’ was built to speed up and automate the process of identifying malware samples.

• SamSam group deletes Atlanta’s contact portal after the address goes public

• SamSam ransomware attacks have earned nearly $850,000

• TrickBot Gets Computer Locking Capabilities

• FTC to Probe Facebook Over Privacy Practices

• Microsoft to ban ‘offensive language’ from Skype, Xbox, Office and other services

• New Android Cryptojacker Can Brick Phones

• UK Regulators Search Cambridge Analytica Offices

• Attackers Shift From Adobe Flaws to Microsoft Products Seven of the Top 10 most commonly exploited vulnerabilities in 2017 were Microsoft-related not Adobe Flash as in years past, Recorded Future found.

• First OpenSSL Updates in 2018 Patch Three Flaws

• IETF Approves TLS 1.3

• Mozilla Isolates Facebook with New Firefox Extension

• Severe Vulnerabilities Expose MicroLogix PLCs to Attacks