Weekly Cyber Security News 21/02/2020

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Extortion methods have been pretty consistent the past couple of years, but a new one popped up this week which seems to be focused on the online small business owner. I wonder how this one will pan out:

• Pay Up, Or We’ll Make Google Ban Your Ads

If you are going to have an important portal to your infrastructure accessible you would want it to be secure and only on your network right? And have password you can change? Oh. Got some bad news for you then…

• Oi, Cisco! Who left the “high privilege” login for Smart Software Manager just sitting out in the open?

I’ve long known that DNS root control would be a pretty big thing, but like everyone else just taken it for granted that someone does something, sometime.  That blissful ignorance was up until a recent ‘security’ issue occurred and made enough news to bring to light what actually goes on. Do take a look at it is fascinating:

• DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

 

In other news…

 

• Samsung freaks out smartphone owners with mysterious ‘1’ notification

• Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin

• A Light at the End of Liberty Reserve’s Demise?

• Adobe releases out-of-band patch for critical code execution vulnerabilities

• Cloud misconfigurations cost companies nearly $5 trillion

• EU Proposes Rules for Artificial Intelligence to Limit Risks

• Google Brings Titan Security Keys to More Countries

• Google burns down more than 500 private-data-stealing, ad-defrauding Chrome extensions installed by 1.7m netizens

• Inside Kenyan Hacker Group Gaining International Fame

• IOTA cryptocurrency shuts down entire network after wallet hack

• New Actors Attack Industrial Control Systems, Old Ones Mature

• OpenSSH adds support for FIDO/U2F security keys

• Over 2000 UK Government Devices Go Missing in a Year

• PhotoSquared: App Leaks Data on Thousands of Users

• Ring to enable 2FA for all user accounts after recent hacks

• Second Windows 10 update is now causing problems by hiding user profiles

• SMS Attack Spreads Emotet, Steals Bank Credentials

• SweynTooth: Bluetooth Vulnerabilities Expose Many Devices to Attacks

• Windows, Linux Devices at Risk Due to Unsigned Peripheral Firmware

• US Gas Pipeline Shut After Ransomware Attack

• 3 Employees Suspended in $4M Puerto Rico Online Scam

• F-Secure Patches Old AV Bypass Vulnerability

• Unsafe WordPress Plugin Installed on Nearly 200,000 Sites