Weekly Cyber Security News 08/12/2017

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Many I’ve spoken to on a scary headline involving a breach at anything to do with PayPal, were in the end relived that it wasn’t in fact PayPal. But just think what if it had? Let’s hope we never see it as that would make most other breaches look meaningless.

• Breach at PayPal Subsidiary Affects 1.6 Million Customers

Having connections with the education sector outside of work, I’ll tell you what, I’m not surprised if this kind of thing is more common – albeit on a smaller scale I hope! Many schools don’t have people qualified to understand the implications this would have. It’s similar in some ways to mobile phone companies offering cash for installation of cell towers. Many welcome additional funds so its often seen as a good thing if not quite understood:

• Company with no privacy policy to collect brainwave data on 1.2 million students

 

Other news….

• July Systems data leak: Massive trove of sensitive information exposed online via unsecured database India Ashok reports

• Morrison’s data leak could see thousands of workers given payout Jan Colley, Simon Smith, and Gareth Bartlett report

• oBike reviewing app security after international user data lea Zhaki Abdullah reports

• A popular virtual keyboard app leaks 31 million user’s personal data Zack Whittaker reports

• Apple Patches Vulnerabilities in macOS, watchOS, and tvOS

• Ashley Madison takes your privacy very seriously. until they don’t Thomas Fox-Brewster reports

• Attacker ‘Dwell Time’ Average Dips Slightly to 86 Days

• Authorities Take Down Andromeda Botnet

• Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin

• Bittrex ‘Leaks’ User Passports In Support Emails, Says Russian Telegram Channel William Suberg reports

• Common Infiltration, Exfiltration Methods Still Successful

• DHS Says Drone Maker DJI Helping China Spy on U.S.

• German government wants backdoors for spying added to cars, computers, IoT devices

• Leaked Credentials Service Shuts Down

• Owning VirtualBox via MITM

• The Worst Password Offenders of 2017

• Two Vulnerabilities Patched in OpenSSL

• UK Members of Parliament Share Passwords with Staff

• ‘Cyber heist’: 600 bank accounts hacked for Rs 10million

• Keylogger Found on 5,500 WordPress Sites

• Man who tried to free friend by hacking into prison system, gets caught, and yeah. now he’s likely to join his friend inside Iain Thomson reports

• 6 Personality Profiles of White-Hat Hackers From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking most just like the challenge.

• Android’s December 2017 Patches Resolve Critical Flaws

• Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches Dawn Kawamoto reports

• Mailsploit: Popular Email Apps Allow Spoofing, Code Injection