Weekly Cyber Security News 29/03/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Some big news items this week, namely further details on the ransomware campaign claiming Norsk last week spreading to other targets. One bit of good news is that there appears to be a flaw in the code and a simple Windows Shortcut can stop it from working:

• Norsk Hydro ransomware incident losses reach $40 million after one week (ZDNet)

• Major U.S. Chemical Firms Hit by Cyberattack

• LockerGoga Ransomware Neutralized by Shortcut Files

An entrenched supply train attack which was quite startling:

• ASUS Admits Its Live Update Utility Was Backdoored by APT Group

And ending with a why you change default pin codes. One question though, if they turned up with big tankers to take it, they would have been there long enough to cause some suspicion perhaps?

• French gas stations robbed after forgetting to change gas pump PINs

 

The rest of it…

• Lion Air 737 MAX crew had seconds to react, Boeing simulation finds

• This Spyware Data Leak Is So Bad We Can’t Even Tell You About It

• A PSA for twits on Twitter

• Clippy briefly resurrected as Teams add-on, brutally taken down by brand police

• FEMA “unnecessarily” shared data of 2.3 million disaster victims with contractor

• Global police arrest dozens of people in dark web sting

• Hackers abuse Magento PayPal integration to test validity of stolen credit cards

• Hijacked ASUS Live Update software installs backdoors on countless PCs worldwide

• HTML email reborn, as Google brings AMP to your inbox

• Polish Regulator Issues First GDPR Fine

• Popular family tracking app exposed real-time location data onto the internet – no password required

• Popular Web Browser’s Hidden Ability Threatens 500M Google Play Users

• Telegram Now Lets You Delete a Received Message From Sender”s Device

• To rival Amazon, UPS enters healthcare with doorstep nurse delivery

• Two white hats hack a Tesla, get to keep it

• Windows 10 DHCP vulnerability allows for remote code execution

• ASUS Patches Hijacked System Update Utility

• PewDiePie ransomware oblige users subscribe to PewDiePie YouTube channel

• Millions of Android users beware: Alibaba’s UC Browser can be used to deliver malware (ZDNet)