Weekly Cyber Security News 20/04/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. With so much data floating around on website postings, or given up via sign-ups, its not surprising that site scrapping of information we so readily share without a thought becomes highly valuable in aggregated form. Unfortunately when that leg work surfaces we strangely become all surprised and enraged that this is possible – at least in the general non-tech world. With the looming GDPR, do we think this situation is going to change much? 

• A Private Intelligence Platform, LocalBlox, Leaked 48 Million Personal Data Records New from UpGuard

There has been instances in the past of photos giving up finger prints, and better camera tech is certainly facilitating that. What’s the point of using such things as face, finger or iris  for biometric authentication when its becoming increasingly easy to extract this information from a photo? Sure, some attempts at detecting that its a real person as opposed to a picture has taken us further but it is still far from being foolproof:

• Busted! Cops use fingerprint pulled from a WhatsApp photo to ID drug dealer

I’m aways curious of the intentions behind repeated scans of any service. This article really was interesting. Pass me more honey pots please!

• Honeypot Shows the Power of Automation in the Hands of Hackers

The rest of the news:

• 25 Million U.S. Individuals Impacted by 2016 Uber Hack

• First Public Demo of Data Breach via IoT Hack Comes to RSAC

• IDG Contributor Network: Law enforcement uses anti-virus software to recover suspect’s web history

• IDG Contributor Network: Your cache is exposed

• Popular Android Apps Leak User Data via Third-Party SDKs

• Chrome 66 Distrusts Older Symantec Certificates

• Few RSA Conference Exhibitors Implemented DMARC

• LinkedIn Vulnerability Allowed User Data Harvesting

• Nigerian Hackers Attempt to Steal Millions From Shipping Firms

• NIST Seeking Comments on New AppSec Practices Standards

• Security Pros at Energy Firms Concerned About ‘Catastrophic’ Attacks

• The Kiss of Death for Passwords: Machine Learning?

• Android Trojan Spreads via DNS Hijacking

• Cryptomining, not ransomware, the top malware threat so far this year

• Hackers Can Stealthily Exfiltrate Data via Power Lines

• Power Line Vulnerability Closes Air Gap A new demonstration of malware shows that air-gapped computers may still be at risk.

• Facebook Admits to Tracking Non-Users Across the Internet

• Google Turns TLS on By Default on Android P

• iPhones, iPads Can Be Hacked via ‘Trustjacking’ Attack

• Drupal 8 Updated to Patch Flaw in WYSIWYG Editor

• Drupal Sites Targeted With Backdoors, Miners in Drupalgeddon2 Attacks

• Hackers Start Exploiting Drupalgeddon2 Vulnerability

• Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws

• Severe Flaws Expose Moxa Industrial Routers to Attacks