A selection of this week’s more interesting vulnerability disclosures and cyber security news. Interesting variety this week: Bangladesh Bank vs SWIFT is getting nasty, with lots of mud slinging and accusations; a few data leaks, as usual; and a 0-day for Flash (for those of you who’ve not by now removed it). The most interesting for me, and quite unexpected, is that Facebook have dumped on GitHub an open source hacking game of catch-the-flag.
- $1B Bangladesh heist: Officials say SWIFT technicians left bank vulnerable (ArsTechnica)
- Adobe Flash Zero-Day Under Attack (SecurityWeek)
- Allwinner’s all-loser custom kernel has a nasty root backdoor (The Register)
- Babycare e-tailer Kiddicare admits customer data breach (The Register)
- Beware of in-the-wild 0day attacks exploiting Windows and Flash (ArsTechnica)
- Compression tool 7-Zip pwned, pain flows to top security, software tools (The Register)
- Criminals exploit zero day Flash vulnerability (The Register)
- Dozens of companies breached through SAP bug patched years ago (ArsTechnica)
- Facebook debuts WhatsApp desktop apps as Slack adds SSO (The Register)
- Garbage in, garbage out: Why Ars ignored this week’s massive password breach (ArsTechnica)
- ImageTragick Exploits Used for Reconnaissance, Remote Access (SecurityWeek)
- No more get-out-of-jail-free card for CryptXXX ransomware victims (ArsTechnica)
- Panama Papers Go Online As Obama Pushes Global Tax Transparency (Forbes)
- Philippines seeks to tighten money laundering laws after heist (Yahoo Security)
- Popular UK mobile tech firm 51Degrees hacked (The Register)
- Pre-installed Lenovo Bloatware Causing More Security Problems
- Ransomware grifters offer to donate proceeds of crime to charity (The Register)
- Windows Zero-Day Leveraged in Financial Attacks (SecurityWeek)
- Infosec freeloaders not welcome as malware silo VirusTotal gets tough (The Register)
- Hacked WordPress Sites Target Random Users (SecurityWeek)
Weekly Cyber Security News 13/05/2016