Weekly Cyber Security News 18/05/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Apart from lots of new threats emerging, we have some others not so obvious too. The first, and one that I’ve not seen mentioned before with all the frantic activity over GDPR affects WHOIS and will have many tearing hair out for a few months:

• Deleted WHOIS Data: An Unintended Consequence of GDPR

Following from the ongoing escaped data from FaceBook, we have another woeful leak from people that should know better:

• myPersonality app data leak exposed intimate details of 3m users Phee Waterfield and Timothy Revell report

And most of the news this week (at least at the start of the week) was over PGP and its vulnerability – or not. Good points on both sides but a storm in a tea cup perhaps?

• EFAIL, a weakness in openPGP and S/MIME, (Wed, May 16th)

• Emails Encrypted With OpenPGP, S/MIME Vulnerable to New Attacks

• Researchers warn PGP and S/MIME users of serious vulnerabilities

• Attention PGP Users: New Vulnerabilities Require You To Take Action Now Danny O’Brien and Gennie Gebhart write

• EFAIL Opens Up Encrypted Email to Prying Eyes

• EFAIL: Critical PGP and S/MIME bugs could reveal plaintext of encrypted emails

• ‘EFAIL’ Email Encryption Flaw Research Stirs Debate

 

The other news:

• PoS Malware ‘TreasureHunter’ Source Code Leaked The leak of point-of-sale malware source code is a double-edge sword to researchers who view it as boon to research, but a headache when it comes to inspiring future variants and attacks.

• Rail Europe Notifies Riders of Three-Month Data Breach Rail Europe North America alerts customers to a security incident in which hackers planted card-skimming malware on its website.

• Adobe Doles Out Second Round of Higher Priority Patches Adobe has issued a round of higher priority patches less than a week after its Patch Tuesday updates last week.

• Attackers Use UPnP to Sidestep DDoS Defenses Universal Plug and Play networking protocols can be exploited to bypass DDoS mitigations.

• Deleted Signal Messages Linger on macOS

• Exploiting People Instead of Software: Report Shows Attacker Love for Human Interaction

• Facebook Suspends 200 Apps Over Data Misuse

• Facial recognition tech used by UK cops is ‘dangerously inaccurate’

• Firefox Saves Screenshots to Publicly Accessible Cloud Servers

• Frequency & Costs of DNS-Based Attacks Soar

• Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed

• Irish Data Protection Commissioner investigating cyber attack that claimed player details from World Rugby Gavin Mairs reports

• IT Pros Worried About IoT But Not Prepared to Secure It

• Kaspersky Lab to Move Core Infrastructure to Switzerland

• Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions Sources said the funds were diverted to fraudulent accounts in a coordinated heist that involved hundreds of wire transfers and on-the-ground accomplices.

• New DDoS Attack Method Leverages UPnP A new DDoS attack leverages unprotected UPnP routers to make attacks harder to stop.

• New DDoS Attack Method Obfuscates Source Port Data

• New PowerShell Backdoor Discovered

• Nigerian BEC Scammers Growing Smarter, More Dangerous Nigerian-based cybercriminals are growing more dangerous as they add sophisticated tools to their arsenal,? including complex remote access trojans, a new report reveals.

• Symantec Shares More Information on Internal Investigation

• UK: Crown Prosecution Service fined £325,000 after losing victim interview videos

• ZTE Woes Loom as US-China Trade Tensions Rise

• _Wicked_ Variant of Mirai Botnet Emerges

• ‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies A team of academic researchers has demonstrated that it’s possible to possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants.

• Gandcrab Ransomware Exploits Website Vulnerabilities

• GandCrab Ransomware Found Hiding on Legitimate Websites

• New Cryptominer Distributes XMRig in Aggressive Attack

• Newly Discovered Malware Targets Telegram Desktop

• Nigelthorn Malware Infects Over 100,000 Systems

• RIG EK Still Makes Waves, This Time with a Stealthy Backdoor

• Secrets of the Wiper: Inside the World’s Most Destructive Malware

• Shadowy Hackers Accidentally Reveal Two Zero-Days to Security Researchers Catalin Cimpanu reports

• GDPR Phishing Scam Targets Apple Accounts, Financial Data

• Privilege escalation on Windows10/x by shortcut alteration

• Samsung Patches Six Critical Bugs in Flagship Handsets

• U.S. Jury Convicts Operator of Counter AV Service Scan4You

• Code Execution Flaw in Electron Framework Could Affect Many Apps

• Critical Command Injection Flaw Patched in Red Hat Linux

• Critical Linux Flaw Opens the Door to Full Root Access

• One Year After WannaCry Outbreak, EternalBlue Exploit Still a Threat

• Signal Flaw Allowed Code Execution With No User Interaction