Weekly Cyber Security News 13/07/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Oh so many again this week, but I will for a huge change, start with a nice positive story. While its about the infosec industry (why else appear here I suppose???), the same goes from almost any other tech related field – like this, and others, it was pretty much my route too:

• Lessons from My Strange Journey into InfoSec

From the end of last week a horrifying analysis of how bad the financial industry could well be. I can’t be sure how wide spread such issues are having never worked in that one myself, but these practices really don’t inspire confidence do they?

• Trading Platforms Riddled With Severe Flaws

Of course I need to have another pot shot at IoT and the smoothly links with the previous article – in a tenuous way. Is this a gimmick or the ‘future’?

• Smart Speaker Banking Is Coming to a Device Near You, But Is It Secure?

Happy reading….

• AU: Major employee privacy breach at BHP Mirage News reports

• Britain to Fine Facebook Over Data Breach

• GoDaddy-owned hosting company Domainfactory hacked

• Hackers steal $13.5 Million from Israeli Bancor exchange

• Hide ‘N Seek IoT Botnet Can Infect Database Servers

• HNS Botnet evolves and targets cross-platform database solutions

• Identities of thousands of Tennesseans with HIV made vulnerable by government error Bret Kelman reports

• Macy’s and Bloomingdale’s notify customers of attack Thanks to Catalin Cimpanu of Bleeping Computer

• MyEtherWallet Warns of [Another] Hack, Urges Hola Users to Move Funds CCN reports

• Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach Catalin Cimpanu reports

• Ticketmaster Breach Part of Massive Payment Card Hacking Campaign

• Timehop Breach Impacts Personal Data of 21 Million Users A massive breach has impacted up to 21 million users’ personal data and their social media _access tokens._

• Timehop Releases New Details About July 4 Breach Additional information includes PII affected and the authentication issue that led to the breach.

• Timehop says hack impacted more than 21 million users From Timehop

• Update: BP data breach affected 60,000 after malware attack on PageUp job portal Julie Iles reports

• User data exposed in Domain Factory hosting security breach Charlie Osborne reports

• Adobe Issues Over 100 Patches for Flash, Acrobat and Reader

• After Strava, Polar is Revealing the Homes of Soldiers and Spies Foeke Postma reveals the disastrous situation

• Another Crypto(Currency) Fail: Hackers Steal $23.5 Million from Token Service Bancor Jeff John Roberts reports

• As Facial Recognition Use Grows, So Do Privacy Fears

• AT&T to Acquire Threat Management Firm AlienVault

• Broadcom Buys Business Software Firm CA for $18.9 Billion

• Chrome Now Features Site Isolation to Defend Against Spectre A new feature called site isolation is being tapped to protect Chrome users against Spectre.

• Dark Web Chatter Helpful in Predicting Real World Hacks, Firm Says

• Deceased Patient Data Being Sold on Dark Web Oren Koriat reports

• Hacker offered for sale US Military Reaper Drone documents for $200

• Hackers steal $23.5M in cryptocurrency from ‘decentralized’ crypto exchange Bancor

• Newly Found Spectre Variants Bring New Concerns

• The 111 Million Record Pemiblanc Credential Stuffing List Troy Hunt reports

• Thieves hack Marathon gas station, steal $1,800 of gas

• Ticketmaster Breach: Tip of the Iceberg in Major Ongoing Magecart Attacks

• Timehop data breach, data from 21 million users exposed

• Two More Convicted in $30M Massive Hacking, Securities Fraud Operation

• Two More Traders Convicted in Newswire Hacking Scheme

• Ukraine Security Service Stops VPNFilter Attack at Chlorine Station

• When an insider rides Pegasus into the dark web

• Vodafone information glitch ‘bad privacy breach’ Susan Edmunds reports

• A tainted version of Arch Linux PDF reader package found in a user-provided AUR

• BlackTech APT using stolen D-Link certificates to spread malware

• Hacker hijacked original LokiBot malware to sell samples in the wild

• New Rakhni variant could infect systems with?either a ransomware or a miner

• Old Malware Gives Criminals Tricky New Choice: Ransomware or Mining The Rakhni Trojan is now giving bad actors the ability to infect victims either with a ransomware cryptor or a miner.

• Popular software VSDC official website was hacked and used to distribute malware

• ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat.

• VPNFilter Malware Hits Critical Infrastructure in Ukraine

• IDG Contributor Network: Stop training your employees to fall for phishing attacks

• Apple OS Update Lifts Curtain on iPhone USB Restricted Mode Apple has officially added a controversial security feature, USB Restricted Mode, to iPhones as part of its new iOS 11.4.1, released on Monday.

• Departing Apple Engineer Stole Autonomous Car Tech

• Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release Microsoft patches 17 critical bugs and 34 important bugs as part of its monthly security bulletin.

• A dumb security flaw let a hacker download US drone secrets Matt Burgess reports

• Adobe July Patch Tuesday fixes over 100 flaws in Adobe Acrobat and Reader

• Apple Patches KRACK Flaws in Boot Camp

• GandCrab Ransomware Spreads Via NSA Exploit

• Google Patches Critical Remote Code Execution Bugs in Android OS The July Android Security bulletin tackles 44 vulnerabilities in all, with the bulk rated high in severity.

• HackerOne Bug Bounty Programs Paid Out $11 Million in 2017

• Intel Pays $100,000 Bounty for New Spectre Variants