A selection of this week’s more interesting vulnerability disclosures and cyber security news. The weather has turned towards winter, the manic spending spree that most of us will now start to endure, and yet a another round of massive data breaches leads me to say we need a bit of fun though still linked to IoT hell:
Are you ready now for the rest of the news? Take a deep breath:
- Check Point reveals 1,000,000 Gmail accounts were hacked
- Data leak on Europol terrorism investigations
- National Lottery suffers data breach, exposes 26,500 customer accounts
- So, just how were those MailChimp accounts hacked?
- Thousands of UK National Lottery Accounts Breached (SecurityWeek)
- ‘Likely Hacker Attack’ Hits Almost 1 Million German Homes
- ‘Tesco Bank’s major vulnerability is its ownership by Tesco,’ claims ex-employee (The Register)
- cURL Security Audit Reveals Several Vulnerabilities (SecurityWeek)
- Cyber college for wannabe codebreakers planned at UKs iconic Bletchley Park (ArsTechnica)
- Cyber-blitz bombs 1m German broadband routers and your ISP could be next (The Register)
- Deutsche Telekom outage seen as part of broader internet attack (Yahoo Security)
- European Commission Hit By DDoS Attack
- Europol announces 5 arrests in ‘unprecedented’ cybercrime op (Yahoo Security)
- Firefox 0day used against Tor users almost identical to one FBI used in 2013 (ArsTechnica)
- German internet outage was failed botnet attempt: report (Yahoo Security)
- Hackers attack EU executive but no data breach: spokesman (Yahoo Security)
- Hackers crack Liechtenstein banks, demand ramsoms (The Register)
- Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper (The Register)
- Japan investigating defence network break-in (The Register)
- Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains (ArsTechnica)
- Liechtenstein bank’s Chinese parent says no money losses in hacker attack (Yahoo Security)
- Microsoft update servers left all Azure RHEL instances hackable (The Register)
- Mirai Botnet Knocks Out Deutsche Telekom Routers (InfoRiskToday)
- Mozilla hackers audit cURL file transfer toolkit, give it a tick for security (The Register)
- PayPal proffers patch for OAuth app hack hole (The Register)
- Phishing tackle ships data catch to net sharks (The Register)
- San Francisco Transit Agency Earns Praise For Denying Ransom Request
- San Francisco’s Muni Vows: We Won’t Pay Bitcoin Ransom (InfoRiskToday)
- Security Firm Sees Tesla Theft Risk By Smartphone Hackers Using Owner App (Forbes)
- SHIFT + F10 bypassses Windows 10 BitLocker and drops you into an access-all-areas CLI (The Register)
- Tor releases urgent update for Firefox 0day thats under active attack (ArsTechnica)
- UCL snags head of Europol for a seminar on privacy (The Register)
- Vuln: CakePHP Multiple Security Bypass Vulnerabilities CakePHP Multiple Security Bypass Vulnerabilities
- ‘Avalanche’ network dismantled in international cyber operation
- German ISP Confirms Malware Attacks Caused Disruptions (SecurityWeek)
- 1 million Android accounts compromised by Android malware called Gooligan (ArsTechnica)
- At least 10 million Android users imperiled by popular AirDroid app (ArsTechnica)
- Beware: Scalable Vector Graphics Files Are A New Ransomware Threat
- Fatal flaws in ten pacemakers make for Denial of Life attacks (The Register)
- Microsoft Azure Flaws Exposed RHEL Instances (SecurityWeek)
- Tor Users Targeted With Firefox Zero-Day Exploit (SecurityWeek)
Weekly Cyber Security News 02/12/2016
