Weekly Cyber Security News 28/06/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Here we are again, another week and another S3 leak. I really don’t understand how this keeps happening. Either its sloppy admin or people with no technical (or security) understanding is being let loose on a complex cloud service – both are not great:

• Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank Netflix, TD Bank, and Ford were only a few of the companies whose data was exposed by three leaky Amazon S3 buckets owned by Attunity.

You would hope that when you call in experts to help with a problem, you are dealing with someone responsible. Most often that is the case, however, can you be really sure?

• Biz tells ransomware victims it can decrypt their files… by secretly paying off the crooks and banking a fat margin

Let’s have another classic; an IoT fail of course!

• Smart Lock Turns Out to be Not So Smart, or Secure Pentesters say a keyless smart lock made by U-tec, called Ultraloq, is neither ultra or secure.

 

More news here:

• Firefox zero-day was used in attack against Coinbase employees, not its users

• AU: Inside the police database that holds 40 million private records and any officer can access

• BGP Route Leak Causes Cloudflare and Amazon AWS Problems

• Desjardins, Canada”s largest credit union, announces security breach (ZDNet)

• McAfee sues former sales team over alleged leak of trade secrets to rival firm

• Meds prescriptions for 78,000 patients left in a database with no password

• UK”s MoD is helping itself to cops” fingerprint database “unlawfully”, rules biometrics chief (The Register)

• 2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz  (The Register)

• 66% of Homes in North America Have Multiple IoT Devices

• Anonymous hacker exposed after dropping USB drive while throwing Molotov cocktail

• AWS Announces General Availability of Security Hub

• AWS Launches Mirroring Feature for Inspecting Network Traffic

• Bought a second-hand Nest Cam? It might have been spying on you

• CBA slapped with a court-enforceable undertaking after loss of data on 20m customers (ZDNet)

• Cloudflare and Amazon AWS Outages Affecting Sites Everywhere

• Cloudflare Criticizes Verizon Over Internet Outage (InfoRiskToday)

• Colorado Man, Operating Under The Nicknames ‘Penissmith’ And ‘Botah’ Indicted On Racketeering Charges Related To Darknet Marketplace AlphaBay

• Dominion National investigates and notifies after discovering unauthorized access to servers that began as early as 2010

• Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms

• Firefox to get a random password generator, like Chrome (ZDNet)

• Fraudsters Spoofing Blockchain Site Steal $27M Worth of Crypto Coins

• Google Announces DNS over HTTPS ‘General Availability’ Google finalizes its DNS-over-HTTPS service inching toward a world where DNS request are sent via HTTPS and not UDP or TCP.

• Google Open-Sources Cryptographic Protocol

• Google pushes Nest cam update to prevent former owners spying on new buyers (ZDNet)

• Hacked Ad Server Pushes SEON Ransomware, Trojans Via Malvertising

• Hackers Favoring Shimmers Over Skimmers for ATM Attacks

• ICO slams UK Met Police for failure to handle public data requests

• Incomplete Fix Leads to New Kubernetes Bug

• Instagram Chief Insists It Doesn’t Spy on Users

• iPhone Apps Surreptitiously Communicated with Unknown Servers

• IT error deletes Creighton pharmacy patient records, including prescription, insurance info

• Linux Cryptominer Uses Virtual Machines to Attack Windows, macOS

• LoudMiner: Cross-platform mining in cracked VST software

• Malicious URL attacks using HTTPS surge across the enterprise

• OpenSSH to Keep Private Keys Encrypted at Rest in RAM

• Proofpoint Domain Fraud Report Finds Millions of New Fraudulent Domains; Over 90 Percent Remain Active

• Researchers think nation-sponsored hackers attacked rival espionage group

• Samba Vulnerability Can Crash Active Directory Components

• Six Arrested in $27 Million Cryptocurrency Theft

• Slackor RAT Allows Hackers to Use Slack Servers

• TD Bank and Ford Internal Files Exposed On the Internet

• Tesco Hacked on Twitter Spoofs Bill Gates and Pushes BTC Scam

• These hackers broke into 10 telecoms companies to steal customer’s phone records (ZDNet)

• TripAdvisor Invalidates Member Passwords Found in Data Breaches

• Troy Hunt: Why Data Breaches Persist (InfoRiskToday)

• UK Firms Riddled With Vulnerable Open Source Software

• UK Identity Fraud Jumps 8% to New All-Time High

• UK student charged for manufacturing gun through 3D printing (ZDNet)

• US bill to force tech giants to tell users how much their data is worth

• User data stolen from ‘human hacking’ forum Social Engineered, published on rival site

• Vulnerability in EA Origin Game Exposed Players to Hackers

• Warning Made on Cross-Platform Cryptominer

• WeTransfer Security Incident: File Transfer Emails Sent to Wrong People

• What the cell…? Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points

• Three quarters of mobile apps have this security vulnerability that could put your personal data at risk (ZDNet)

• macOS Crypto-Miner Emulates Linux

• Microsoft Excel Power Query feature can be abused for malware distribution

• New Bird Miner malware targets Mac pirates (ZDNet)

• New LooCipher Ransomware Spreads Its Evil Through Spam

• New Silex Malware Trashes IoT Devices Using Default Passwords

• Ransomware gang hacks MSPs to deploy ransomware on customer systems

• Steam Phishing Campaign Steals Credentials, Hijacks Accounts

• Botnet Uses SSH and ADB to Create Android Cryptomining Army

• No Slack for you! Microsoft puts rival app on internal list of ‘prohibited and discouraged’ software

• Remote code execution bug lurked in BlueStacks Android emulator

• Kubernetes CLI tool security flaw lets attackers run code on host machine

• Millions of Devices Exposed to Attacks Due to Flaw in PC-Doctor Software