Criminal Stole “a Significant Amount of Data” in Airport Hacking Attack
Overview: "A criminal stole “a significant amount of data” in a hacking attack that targeted one of the busiest airports in Australia," Tripwire reports. 
 
Author: David Bisson   Web Site: www.tripwire.com   Date: 12/11/2017
Topics: General Security Awareness

Lifestyle pin-up site Pinterest: Hack attempts blamed on 'credential stuffing'
Overview: "Searches for the term 'Pinterest hacked' spiked last week while 'pinterest password' started to trend on Twitter. UK security researcher Scott Helme recently reported that his Pinterest account had been temporarily frozen after someone attempted to log into his account, seemingly from Egypt," The Register reports.
 
Author: John Leyden   Web Site: www.theregister.co.uk   Date: 12/11/2017
Topics: Authentication, Password Usage

Android vulnerability allows attackers to modify apps without affecting their signatures
Overview: "Among the many Android vulnerabilities patched by Google this December is one that allows attackers to modify apps without affecting their signatures," Help Net Security reports. 
 
Author: Zeljka Zorz   Web Site: www.helpnetsecurity.com   Date: 12/11/2017
Topics: Mobile Device Security, Vulnerability Management

Dormant Keylogger Functionality Found in HP Laptops
Overview: "A researcher has discovered that a touchpad driver present on hundreds of HP laptops includes functionality that can be abused for logging keystrokes. The vendor has released patches for a vast majority of affected devices," SecurityWeek reports. 
 
Author: Eduard Kovacs   Web Site: www.securityweek.com   Date: 12/11/2017
Topics: Vulnerability Management

Next-gen telco protocol Diameter has last-gen security – researchers
Overview: "Some of the well-known weaknesses of SS7 Roaming Networks have been replicated in the next-gen telco protocol, Diameter," The Register reports. 
 
Author: John Leyden   Web Site: www.theregister.co.uk   Date: 12/8/2017
Topics: Network Security, Vulnerability Management

Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code
Overview: "Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate," Threatpost reports. 
 
Author: Tom Spring   Web Site: threatpost.com   Date: 12/8/2017
Topics: Vulnerability Management

Banking Apps Found Vulnerable to MITM Attacks
Overview: "Leading US and UK-based banks have patched a flaw found in their Android and iOS mobile apps that allowed adversaries to conduct man-in-the-middle attacks to steal customer credentials and view and manipulate network traffic," Threatpost reports. 
 
Author: Tom Spring   Web Site: threatpost.com   Date: 12/7/2017
Topics: Mobile Device Security, Vulnerability Management

HBO Hacker Linked to Iranian Spy Group
Overview: "A man accused by U.S. authorities of hacking into the systems of HBO and attempting to extort millions of dollars from the company has been linked by security researchers to an Iranian cyber espionage group tracked as Charming Kitten," SecurityWeek reports. 
 
Author: Eduard Kovacs   Web Site: www.securityweek.com   Date: 12/6/2017
Topics: General Security Awareness

Data-slurping keyboard app makes Mongo mistake with user data
Overview: "On Tuesday security shop Kromtech released details on a MongoDB database it found unsecured online containing 577GB of data collected by predictive keyboard app AI.type from its over 31 million users," The Register reports. 
 
Author: Iain Thomson   Web Site: www.theregister.co.uk   Date: 12/5/2017
Topics: Configuration Management, Database Security, General Security Awareness

Uber says 2.7 MEEELLION(ish) UK users affected by hack
Overview: "Uber has finally come up with a figure for the number of UK-based riders and drivers affected by its massive data breach: 2.7 million...The taxi hire firm has been slammed by regulators around the world for keeping the hack, which happened in October 2016, quiet for the best part of a year," The Register reports. 
 
Author: Rebecca Hill   Web Site: www.theregister.co.uk   Date: 11/29/2017
Topics: Data Loss Prevention (DLP), General Security Awareness, Legal, Regulatory and Compliance

Stupid, stupid MacOS security flaw grants admin access to anyone
Overview: "The latest version of macOS includes a mindlessly simple, one-step way to take over any Mac...In your most recent High Sierra macOS release, it turns out you've given a way for any local user to take over a Mac -- lock, stock, and two smoking barrels," ZDNet reports. 
 
Author: Steven J. Vaughan-Nichols   Web Site: www.zdnet.com   Date: 11/28/2017
Topics: Authentication, Configuration Management, Password Management System

.GIF garage Imgur plugs 1.7 million-subscriber creds breach
Overview: "The company was advised of the breach by HaveIBeenPwned administrator Troy Hunt on November 23, 2017...Imgur's chief operating officer Roy Sehgal posted confirmation of the breach. Hunt took to Twitter to say that notice came 25 hours after he notified the company it had a problem," The Register reports. 
 
Author: Richard Chirgwin   Web Site: www.theregister.co.uk   Date: 11/27/2017
Topics: General Security Awareness

Linus 'Linux' Torvalds gives security developers guidance
Overview: "Leading open-source developer Torvalds does more than swear at poor security development. He spells out what he expects from security programmers," ZDNet reports. 
 
Author: Steven J. Vaughan-Nichols   Web Site: www.zdnet.com   Date: 11/27/2017
Topics: Application Security, Secure Development Lifecycle (SDLC)

EU's data protection bods join the party to investigate Uber breach
Overview: "The massive Uber data breach will be discussed by the European Union's data protection authorities next week...The group, known as the Article 29 Working Party, is meeting on November 28-29 and has put the hack, which affected 57 million users, high on its agenda," The Register reports. 
 
Author: Rebecca Hill   Web Site: www.theregister.co.uk   Date: 11/24/2017
Topics: General Security Awareness, Legal, Regulatory and Compliance

Eight Arrests Made in Connection with $3.5M Credit Card Skimming Scheme
Overview: "Federal and local authorities have arrested eight individuals in connection with a credit card skimming scheme that caused losses in excess of $3.5 million," Tripwire reports. 
 
Author: David Bisson   Web Site: www.tripwire.com   Date: 11/22/2017
Topics: General Security Awareness

Holiday season scams: Fake deals, fake stores, fake opportunities
Overview: "Black Friday is widely regarded as the beginning of the US (and increasingly global) Christmas shopping season. Cyber Monday, which comes three days later, was created to persuade people to shop online more. They are a huge boon for retailers, both online and offline, but also for cybercriminals," Help Net Security reports. 
 
Author: Zeljka Zorz   Web Site: www.helpnetsecurity.com   Date: 11/22/2017
Topics: General Security Awareness, Social Engineering (e.g., phishing)

Canadian Business Banking Customers Hit With Targeted Phishing, Account Takeover Attacks
Overview: "IBM X-Force research has been following the activity of a cybergang that has been targeting Canadian businesses with customized phishing attacks, likely operating out of Ukraine," Security Intelligence reports. 
 
Author: Limor Kessem   Web Site: securityintelligence.com   Date: 11/22/2017
Topics: Malicious Software Controls, Social Engineering (e.g., phishing)

Hackers Demanded $8K from Sacramento Regional Transit after Attack
Overview: "Hackers demanded a ransom of approximately $8,000 after they attacked the Sacramento Regional Transit’s (SacRT) computer system," Tripwire reports. 
 
Author: David Bisson   Web Site: www.tripwire.com   Date: 11/21/2017
Topics: General Security Awareness

More than $30 million worth of cryptocurrency was just stolen by hackers, company says
Overview: "Tether, a start-up that offers dollar-backed digital tokens, claimed Monday that its systems had been hacked, according to cryptocurrency news site CoinDesk," CNBC reports. 
 
Author: Saheli Roy Choudhury   Web Site: www.cnbc.com   Date: 11/21/2017
Topics: General Security Awareness

Cisco, Interpol team up to share cybercriminal threat data
Overview: "Cisco and Interpol have announced a new agreement to share threat data on cybercriminal activities...On Tuesday, the tech giant and international law enforcement agency said that sharing threat intelligence between the parties will be the 'first step' in jointly tackling today's cybercrime," ZDNet reports. 
 
Author: Charlie Osborne   Web Site: www.zdnet.com   Date: 11/21/2017
Topics: Account Lockout, Security Monitoring

Massive US military social media spying archive left wide open in AWS S3 buckets
Overview: "Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing 'dozens of terabytes' of social media posts and similar pages – all scraped from around the world by the US military to identify and profile persons of interest," The Register reports. 
 
Author: Liam Tung   Web Site: www.theregister.co.uk   Date: 11/17/2017
Topics: Cloud Computing Security, Configuration Management

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS
Overview: "Chinese drone maker DJI left the private key for its dot-com's HTTPS certificate exposed on GitHub for up to four years, according to a researcher who gave up with the biz's bug bounty process," The Register reports. 
 
Author: Gareth Corfield   Web Site: www.theregister.co.uk   Date: 11/17/2017
Topics: Encryption, Key Management

Spam Bots Incorporated Star Wars Quotations into Attack Requests
Overview: "Several thousand spam bots incorporated quotations from a Star Wars novel into the attack messages they sent out to their targets," Tripwire reports. 
 
Author: David Bisson   Web Site: www.tripwire.com   Date: 11/16/2017
Topics: General Security Awareness

A Boeing 757 was hacked remotely while it sat on the runway
Overview: "The US Department of Homeland Security has revealed that a Boeing 757 airliner was successfully hacked as it sat on the runway at the airport in Atlantic City, New Jersey on September 19, 2016...But don’t panic too much. The hack of the legacy commercial airliner was an exercise conducted by a team of security professionals," Tripwire reports. 
 
Author: Graham Cluley   Web Site: www.tripwire.com   Date: 11/16/2017
Topics: General Security Awareness

Activists Hack ‘Secure’ ISIS Mailing List and Publish 2K Subscribers Online
Overview: "A group of Muslim activists hacked a ‘secure’ mailing list used by the ISIS terrorist group and published 2,000 of its email subscribers online," Tripwire reports. 
 
Author: David Bisson   Web Site: www.tripwire.com   Date: 11/13/2017
Topics: General Security Awareness