A selection of this week’s more interesting vulnerability disclosures and cyber security news.
The net widens further (again) for the Bangladesh heist and pulls in more banks. I hope I’m not alone in demanding that this be made into a movie! 🙂
- Bangladesh Bank heist trail goes cold in Manila as probes falter (Yahoo Security)
- 12 more banks now being investigated over Bangladeshi SWIFT heist (ArsTechnica)
- Bangladesh Reopens 2013 Cold Case Of Bank Theft Via SWIFT: Authorities cite similarities in Sonali Bank hack with February’s $81 million central bank theft.
- Exclusive: Bangladesh probes 2013 hack for links to central bank heist (Yahoo Security)
- SWIFT CEO promises security improvements (The Register)
- SWIFT CEO Pushes Information Sharing, Improved Security
Japan too has its share of issues:
- $13 Million Stolen From Japan ATMs Via Stolen S. African Bank Data
- Japan an alluring target for Standard Bank ATM thieves (Yahoo Security)
- Lessons From ATM Cash-Out Scheme in Japan (InfoRiskToday)
- Malaysians using South African cards pinch US$12.7m in Japan (The Register)
In other news…
- A second inadequately secured Mexican voter list exposes data on more than 2 million voters: MacKeeper security researcher Chris Vickery
- Fur Affinity goes read-only while it strengthens security after recent attacks: First Fur Affinity posted this in their forums
- Insider breach Shapeshift story: @SwiftonSecurity kept telling everyone on Twitter that we #MUSTREAD the story of what happened at Shapeshift.io
- Microsoft bans common passwords that appear in breach lists (The Register)
- Reddit Forced to Reset 100,000 Passwords After Uptick In Hacked Accounts: Lorenzo Franceschi-Bicchierai reports
- UK: Tesco call centre worker fined over customer data breach. So what do you think the penalty/fine should be for an employee wilfully emailing themselves customer data that they had no business copying and taking?
- Google to kill passwords on Android, replace ’em with ‘trust scores’ (The Register)
- Major DNS provider hit by mysterious, focused DDoS attack (ArsTechnica)
- Pastejacking Attack Allows Hackers to Execute Malicious Code
- Poor Airport Security Practices Just Don’t Fly
- Shuttered Instagram holes opened 20 million accounts to hijack (The Register)
- Austrian Firm Fires CEO After $56-million Cyber Scam
Weekly Cyber Security News 27/05/2016