Weekly Cyber Security News 31/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Continued focus on locating issues in Docker reveal another flaw. This time with no patch (though I notice some Docker updates this week). Watch your backs folks:

• Unpatched Flaw Affects All Docker Versions, Exploits Ready

Even with the advice to avoid SMS and mobile phone 2FA, adding this sometimes weak extra step can be enough to dissuaded someone from further break-in attempts. Like household burglaries, easy targets are the best. Pile up the barriers and make them look elsewhere!

• Adding a Recovery Phone Number Blocks 100% of Automated Bot Attacks, Finds Google

I’m not sure if this a good thing or not, and as usual poses more questions:

• Amazon Digital Assistant Alexa Gets New Skill: Amnesia

 

In other news:

• Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes

• Unsecured database exposes 85GB in security logs of major hotel chains

• 200k Personal Records Exposed by Events Planning Firm Amazingco, an events planning firm, exposed 212,220 records with personal data relating to children’s parties, wine tours and more.

• 42.5M Dating App Records of Americans Exposed in a Database

• Apple sued over alleged sale of iTunes data without customer consent (ZDNet)

• Australian tech unicorn Canva suffers security breach

• CEO who sold encrypted phones to criminal gangs gets nine years in prison

• Chinese military to replace Windows OS amid fears of US hacking

• CI build logs continue to expose company secrets (ZDNet)

• Consent Tracker may be the most worrying tech product of the year (ZDNet)

• Equifax stripped of ‘stable’ outlook over 2017 breach

• Firefox 67 Switching to Empty Profiles Causing Data Loss Fears

• First American Financial Exposed Millions of Sensitive Documents

• GandCrab Campaign Attacks MySQL Servers

• GDPR: Security Pros Believe Non-Compliance is Rife

• GitHub Adds New Tools to Help Developers Secure Code

• Google Researcher Finds Code Execution Vulnerability in Notepad

• Google still plans to cripple ad-blocking in Chrome, but enterprises will be exempt (ZDNet)

• Hackers are scanning for MySQL servers to deploy GandCrab ransomware

• Hackers steal key info about home hunters from housing agency

• Instagram Bans Social Media Company After Data Exposure (InfoRiskToday)

• It’s been a strange week, Part 2. An open letter to Twitter.

• Japan to restrict foreign investment for domestic tech and telco companies (ZDNet)

• macOS Unpatched for Executing Untrusted Code off the Network

• Millions of personal files exposed by insurance biz, serial web hacker strikes again, and more from infosec land

• Mozilla returns crypto-signed website packaging spec to sender – yes, it”s Google

• Nessus expands vulnerability scanner offerings to 16 IPs in commercial environments

• New online gambling rules might increase the likelihood of data breaches

• New unpatched macOS Gatekeeper Bypass Published Online

• Over 50,000 MS-SQL, PHPMyAdmin servers infected in Nansh0u campaign

• Police seized Bestmixer, the mixing service washed at least $200 million in a year

• Snapchat internal tools abused to spy on users and pillage data

• Survey: Security is top worry as IT container use accelerates (ZDNet)

• The aftermath of a data breach: A personal story

• The Netherlands becomes the first country to show Amber alerts on ATMs (ZDNet)

• Title Company Exposes 16 Years of US Mortgage Data (InfoRiskToday)

• U.S. Navy to Build 350 Billion Record Social Media Archive

• Website for storing digital currencies hosted code with a sneaky backdoor

• Windows 10 Losing Connectivity From Outdated Wi-Fi Drivers

• Windows 10 to warn about insecure WiFi networks using WEP or TKIP

• 50k Servers Infected with Cryptomining Malware in Nansh0u Campaign A rapidly-expanding campaign has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin.

• New HiddenWasp malware found targeting Linux systems

• Sectigo Responds to Chronicle”s Report About Malware Signed by Their Certs

• Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable (The Register)

• Intense scanning activity detected for BlueKeep RDP flaw (ZDNet)