Weekly Cyber Security News 24/01/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24 As IoT encroaches further every day into our lives, often as a result of some marketing guy’s idea to flog their junk, the fear that it could all  wreak havoc at some point catches me. This week a wonderful article hit my feed which highlights what could be reality for some now, and a great number in the years to come:

• Unauthorized Bread: Real rebellions involve jailbreaking IoT toasters

That article above arrived with news from Sonos and for some thankfully it appears they have been pulled back from the precipice – for now:

• Sonos Backtracks: Legacy Devices Will Get Updates After May

• Sonos sunsets several smart speaker’s software support, spurring storm

Phishing works because there is a hook (hence play on fishing), and to hook someone to click on an infected link helps if you can make it seem a popular and ‘safe’ thing to do. This article talks about a method I’m sure I’ve seen mentioned before but is still worth reminding people to not fall for click-bait:

• Did you really ‘like that? How Chameleon attacks spring in Facebook, Twitter, LinkedIn

 

Other interesting news…

• Exams cancelled? University closing due to Brexit? A mischievous email from Southampton’s Vice-Chancellor

• Data leak strikes US cannabis users, sensitive information exposed

• A hacker is patching Citrix servers to maintain exclusive access

• Betting companies given access to UK gov’t information on millions of children

• Campaigners Threaten ICO with Legal Action for AdTech Failings

• Canadian teen calls cops after fake ID doesn’t arrive

• Capita Education Services accidentally spaffs email addresses in Helpdesk snafu

• Design Weaknesses Expose Industrial Systems to Damaging Attacks

• EU considers banning facial recognition technology in public spaces

• FBI Takes Down Site Selling Subscriptions to Stolen Data

• French Spy Suspected of Selling Data on Darknet

• GDPR Regulators Have Imposed $126M in Fines Thus Far, Finds Survey

• Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

• Hardcoded SSH Key Found in Fortinet SIEM Appliances

• Identity and Access Misstep: How an Amazon Engineer Exposed Credentials and More

• In enterprise attack wave, NetWire Trojan now buries itself in disk image files

• Microsoft to forcibly install Bing search extension in Chrome for Office 365 ProPlus users

• Mitsubishi Electric discloses security breach, China is main suspect

• Ooh, watch out Google. You’ve got competition. Verizon has a new “privacy-focused” search engine

• ProtonVPN apps handed to open source community in transparency push

• Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment – The competition targets the systems that run critical infrastructure and more.

• Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty

• Scottish Police Deploy Tech That Extracts Data from Locked Smartphones

• Still losing sleep over that awful Citrix bug? This scanner is here to help… you realize you”ve already been pwned

• UK’s HMRC tax authority seeks tools to track down cryptocurrency criminals

• UK: Community order for hacker who stole over 10,000 files from Royal Stoke Hospital

• Unlocking news: We decrypt those cryptic headlines about Scottish cops bypassing smartphone encryption

• Visa’s acquisition of Plaid throws up data reuse concerns

• Visa’s plan against Magecart attacks: Devalue and disrupt

• WordPress Plugin Bugs Let Hackers Wipe or Takeover Your Site

• Vivin Nets Thousands of Dollars Using Cryptomining Malware

• 16Shop Phishing Gang Goes After PayPal Users

• WindiLeaks: Microsoft exposes 250 million customer support records dating back to 2005. (Not on purpose though)

• Realistic Factory Honeypot Shows Threats Faced by Industrial Organizations