Weekly Cyber Security News 03/06/2016

A selection of this week’s more interesting vulnerability disclosures and cyber security news including a trove of old account details of a vast number of MySpace users has been revealed. Not so much a risk as such because who uses it any more, but the fact that many don’t change their passwords often or reuse them across multiple sites along with associated details like email address:

 

• 427 Million MySpace Passwords Appear For Sale
• Cluster of megabreaches compromise a whopping 642 million passwords (ArsTechnica)
• MySpace Fallout: More Big Breaches to Come? (InfoRiskToday) 

In other news looks like authorities in Japan have caught a couple behind the ATM heist, TeamViewer is being accused of a possible breach and the trail from Bangladesh has allegedly taken a surprising turn towards North Korea.

• Danish Authorities Investigate OkCupid Incident
• PM’s department red-faced after database leaks in the cc: field (The Register)
• TeamViewer Denies Breach After Users Get Hacked (SecurityWeek)
• Hacked Texas construction signs call Donald Trump a lizard (Yahoo Security)
• Infosec newbie looking for entry level training? So is SWIFT (The Register)
• Insight: Trail in Ecuador cyberheist leads to gamers crash pad in Hong Kong (Yahoo Security)
• Lenovo cries ‘dump our support app’ after ‘critical’ hole found (The Register)
• Oracle eBusiness Suite has ‘huge, massive, ginormous’ pwn surface (The Register)
• PCs hijacked, PayPal accounts raided as TeamViewer falls TITSUP (The Register)
• Reddit Counters Account Takeover Surge with Password Resets
• Researchers: Asian bank hacks may be linked to North Korea (Yahoo Security)
• Scrum.org hacked, may have lost crypto keys and some user data (The Register)
• SWIFT finally pushes two-factor auth in banks it only took several multimillion-dollar thefts (The Register)
• TeamViewer denies hack after PCs hijacked, PayPal accounts drained
• Trail in Ecuador cyberheist leads to gamers crash pad in Hong Kong (Yahoo Security)
• Two Japanese Arrested After ATM Heist: Police, Media (SecurityWeek)
• US Congress committee investigating Bangladesh Bank heist (Yahoo Security)
• Flash. Bang. Wallet: Marcher crooks target UK Android users (The Register)
• 10,000+ WordPress sites imperilled by in-the-wild mobile plugin exploit (ArsTechnica)
• CVE-2016-1902 The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9
• Newly discovered zero-day exploit affects almost every version of Windows (Yahoo Security)
• Old Drupal Flaw Still Used to Hack Websites
• Watch As Hackers Hijack WhatsApp Accounts Via Critical Telecoms Flaws (Forbes)
• Your WordPress and Drupal installs are probably obsolete (The Register)