Weekly Cyber Security News 24/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An article that prompts many questions regarding use of PII in a passive way, misses one obvious question: Why was Wi-Fi enabled on 5.9 million devices while in transit? When you next get a moment, just check what, and why you need Wi-Fi and other communications features enabled all the time.

• London Underground to begin tracking passengers through Wi-Fi hotspots (ZDNet)

A bizarre situation that you can’t make up…

• US Air Force probes targeted malware attack, blames… er, the US Navy? What?

And finally, following on from last week’s post about the virus loaded laptop; someone appears to have made a bid. Is it Blofeld? 😉

• Computer Infected with 6 High-Profile Viruses Surpasses $1M in Auction

 

Lots of other stuff:

• 33 Linksys router models leak full historic record of every device ever connected (ArsTechnica)

• Faulty database script brings Salesforce to its knees

• Millions of Golfers Land in Privacy Hazard After Cloud Misconfig A database with millions of data points on games played plus sensitive information was left right in the middle of the internet fairway for all to see.

• TalkTalk Overlooked Nearly 5000 Customers in Breach Notification

• TeamViewer Confirms Undisclosed Breach From 2016

• Unsecured Survey Database Exposes Info of 8 Million People

• 12,564 Unsecured MongoDB Databases Deleted by Attackers

• After breach, Stack Overflow says some user data exposed

• DNS Flag Day 2020: DNS servers must support both UDP and TCP queries (ZDNet)

• Fifth of Docker Containers Have No Root Passwords

• G Suite”n”sour: Google resets passwords after storing some unhashed creds for months, years

• Google uses Gmail to track everything you buy online (ZDNet)

• Instagram Influencer’s Account Information Exposed

• Instagram Says Not Source of Contact Info for Influential Users

• IT contractor allegedly abused government systems for cryptocurrency mining (ZDNet)

• LinkedIn Allowed TLS Certificate to Expire – Again

• Magecart Skimmer Poses as Payment Service Provider

• Maker of US border”s license-plate scanning tech ransacked by hacker, blueprints and files dumped online

• Phisher folk reel in Computacenter security vetting mailbox packed with sensitive staff data

• Root account misconfigurations found in 20% of top 1,000 Docker containers

• Salesforce faced one of its biggest service disruption of ever

• Salesforce outage hits when firm tries to stop data leak

• Salesforce Woes Linger as Admins Clean Up After Service Outage An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.

• Some Elasticsearch security features are now free for everyone (ZDNet)

• Sophos tells users to roll back Microsoft”s Patch Tuesday run if they want PC to boot

• Two More Zero-Day Vulnerabilities Released for Windows

• Windows 10 Could Break If Capability SIDs Are Removed From Permissions

• Windows May Hang for Sophos Users After Installing May Updates

• Zebrocy Operators Also Look for Browser and Email Databases

• Attackers Could Use Mobile Device Sensors to Generate Unique Device Fingerprint: Research

• Comodo Issued Most Certificates for Signed Malware on VirusTotal

• Personal data on the Dark Web

• New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

• Slack Flaw Allows Hackers to Steal, Manipulate Downloads