A selection of this week’s more interesting vulnerability disclosures and cyber security news. What a week of news this has been: more MageCart, a few large takedowns, and some surprising breaches. We start with a first, the first ‘hack’ from space:
Another bizarre news item revolves around the Black Hat Conference. One of the speakers suffered heckling during their talk, which then quickly escalated:
Back to normal exaggeration over terrible security practices… This one, though, is what many of us feared: a biometrics leak plus linkage to identified individuals. Throw on top of that another undisclosed tracking project at one of the UK’s major transit hubs, and should we be worried? What makes that biometric leak extra concerning is that it appears to be possibly for building access, all the things you need to do a Mission Impossible on it:
- Fingerprints of 1M Exposed in Public Biometrics Database: A publicly accessible database exposed the fingerprints and facial recognition information of millions, thrusting biometrics security into the spotlight once again.
In other news…
- Backdoor Found in Utility for Linux, Unix Servers: Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.
- Elderly China Chopper Tool Still Going Strong in Multiple Campaigns: Multiple actors in multiple campaigns are using the web shell for remote access, even though it’s almost a decade old and hasn’t been updated.
- Magecart Hits 80 Major eCommerce Sites in Card-Skimming Bonanza: Mainly motorsports and luxury apparel sites, all of them were running outdated versions of the Magento eCommerce platform.
- Dangerous Cryptomining Worm Racks Up 850K Infections, Self-Destructs: Law enforcement takedown causes Retadup malware to eat itself.
- Can’t bear to part with that well-worn copy of Windows 7? Microsoft might let you keep it updated an extra year
- Google Squashes High-Severity Blink Browser Engine Flaw: The bug could enable remote code-execution, information-siphoning or denial-of-service attacks.