Topic   Web Sites   
German court says Facebook use of personal data is illegal
Overview: "Facebook’s default privacy settings and some of its terms of service fall afoul of the German Federal Data Protection Act, the Berlin Regional Court has found," Help Net Security reports
Author: Zeljka Zorz   Web Site:   Date: 2/13/2018
Topics: Data Privacy, Legal, Regulatory and Compliance

Zero-day vulnerability in Telegram
Overview: "Cybercriminals exploited Telegram flaw to launch multipurpose attacks...In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service," Kaspersky Lab researchers reported
Author: Alexey Firsh   Web Site:   Date: 2/13/2018
Topics: Vulnerability Management

Russian Nuclear Center engineers arrested for using supercomputers to mine cryptocurrency
Overview: "Employees at the Russian Federation Nuclear Center have been arrested on suspicion of using supercomputers at the facility to mine cryptocurrency," ZDNet reports. 
Author: Charlie Osborne   Web Site:   Date: 2/12/2018
Topics: General Security Awareness

‘Olympic Destroyer’ Malware Behind Winter Olympics Cyberattack, Researchers Say
Overview: "Winter Olympics officials have confirmed that a cyberattack occurred during the games’ opening ceremony on Feb. 9, but are remaining mum on the source of the attack. Researchers say the attack employed malware, dubbed Olympic Destroyer, that was written with the sole intention of destroying systems, not to steal data," Threatpost reports

Author: Christopher Kanaracus   Web Site:   Date: 2/12/2018
Topics: Malicious Software Controls

Wish you could log into someone's Netgear box without a password? Summon a &genie=1
Overview: "If you're using a Netgear router at home, it's time to get patching. The networking hardware maker has just released a tsunami of patches for a couple of dozen models of its kit," The Register reports
Author: Iain Thomson   Web Site:   Date: 2/9/2018
Topics: Network Security

Swisscom data breach exposes 800,000 customers
Overview: "Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers – most of whom were mobile subscribers," Tripwire reports. 
Author: Graham Cluley   Web Site:   Date: 2/8/2018
Topics: General Security Awareness, Third-party Security

Mission-critical system alert: 40-year-old OpenVMS hit by exploitable bug
Overview: "A patch is available for a privilege-escalation flaw affecting the 40-year-old OpenVMS operating system on hardware powered by ancient VAX and Alpha processors from Digital Equipment Corporation," ZDNet reports
Author: Liam Tung   Web Site:   Date: 2/7/2018
Topics: Vulnerability Management

NameCheap to Notify Customers of Misconfiguration Issue that Allowed Subdomain Creation on Any Hosted Account
Overview: "NameCheap has said it intends to notify customers of a misconfiguration issue that allowed customers to create subdomains for any hosted account," Tripwire reports
Author: David Bisson   Web Site:   Date: 2/7/2018
Topics: Configuration Management, Vulnerability Management

Accused Brit hacker Lauri Love will NOT be extradited to America
Overview: "Accused hacker Lauri Love will not be extradited to United States to stand trial, the High Court of England and Wales ruled today," The Register reports. 
Author: Gareth Corfield   Web Site:   Date: 2/5/2018
Topics: Legal, Regulatory and Compliance

LuminosityLink spyware giving attackers total control of your PC is taken out by cops
Overview: A RAT is taken down: "The UK's National Crime Agency says it's disabled a widely-used remote-access trojan (RAT) that was used across 78 countries and sold to over 8,600 buyers...The RAT, dubbed LuminosityLink, surfaced in mid-2015 and was marketed as a legitimate tool for Windows administrators and business owners...," ZDNet reports
Author: Liam Tung   Web Site:   Date: 2/5/2018
Topics: Malicious Software Controls

AMD vs Spectre: Our new Zen 2 chips will be protected, says CEO
Overview: "AMD has said it has made changes to its forthcoming Zen 2 chips to protect them against Spectre-style flaws," ZDNet reports. 
Author: Steve Ranger   Web Site:   Date: 1/31/2018
Topics: Vulnerability Management

Man Arrested for Allegedly Hacking Car-Sharing Company Database
Overview: "Australian law enforcement officers have arrested a man for allegedly hacking the company database of a car-sharing service," Tripwire reports. 
Author: David Bisson   Web Site:   Date: 1/31/2018
Topics: General Security Awareness

Millions of Fortune 500 email credentials found on the dark web
Overview: "About 10 percent of the email credentials of all those employed at Fortune 500 companies have been leaked on the dark web, according to a new study," SC Magazine reports. 
Author: Doug Olenick   Web Site:   Date: 1/30/2018
Topics: General Security Awareness

Bitcoin exchange robbed by real-life bank robbers with real-life guns
Overview: "Last week, on Tuesday morning, three armed men entered the office of an Ottawa Bitcoin exchange, Canadian Bitcoins, where they tied up four employees and demanded Bitcoins," Naked Security reports. 
Author: Lisa Vaas   Web Site:   Date: 1/30/2018
Topics: General Security Awareness

Microsoft releases emergency Windows update to hamstring earlier 'Spectre' defense
Overview: "Intel urged customers not to deploy firmware updates aimed at the Spectre and Meltdown flaws because the updates caused system instability; Microsoft reacted with its own release – KB4078130 – on Saturday," Computerworld reports. 
Author: Gregg Keizer   Web Site:   Date: 1/29/2018
Topics: Patch Management, Vulnerability Management

Intel alerted Chinese cloud giants 'before US govt' about CPU bugs
Overview: "Intel warned Chinese firms about its infamous Meltdown and Spectre processor vulnerabilities before informing the US government, it has emerged," The Register reports. 
Author: John Leyden   Web Site:   Date: 1/29/2018
Topics: Vulnerability Management

Ploutus.D Malware Variant Used in U.S.-based ATM Jackpotting Attacks
Overview: "The United States Secret Service issued a warning on Friday to financial institutions citing 'credible information' about 'planned' attacks against U.S. cash machines using malware that can quickly drain ATM machines dry of cash," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 1/29/2018
Topics: General Security Awareness, Malicious Software Controls

Microsoft calls for 'new Digital Geneva Convention' after spate of high-profile cyberattacks
Overview: "Microsoft is pushing for a new set of global norms to try and police government activity in cyberspace, following a spate of high-profile cyberattacks," CNBC reports. 
Author: Sam Meredith   Web Site:   Date: 1/26/2018
Topics: Legal, Regulatory and Compliance

Reddit rolls out 2FA to all its users
Overview: "Reddit, the so-called “front page of the internet”, has some important news for its 250 million registered users.You can now secure your Reddit account with two-factor authentication (2FA)," Tripwire reports. 
Author: Graham Cluley   Web Site:   Date: 1/25/2018
Topics: Authentication, Password Management System, Password Usage

Engineering Firm Pays $1.3K after Ransomware Affects Servers, Backups
Overview: "An engineering firm in Canada has paid attackers $1,300 after ransomware encrypted its servers along with its data backup system," Tripwire reports. 
Author: David Bisson   Web Site:   Date: 1/23/2018
Topics: Malicious Software Controls, Social Engineering (e.g., phishing)

Popular Sonic the HedgeHog Apps at Risk of Leaking User Data to Unverified Servers
Overview: "Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 1/22/2018
Topics: Application Security, Mobile Device Security

Hacker Infects Gas Pumps with Code to Cheat Customers
Overview: "Authorities in Russia have broken up a widespread scheme involving dozens of gas-station employees who used software programs on electronic gas pumps to con customers into paying for more fuel than then actually pumped into their tank. The scam shorted customers between 3-to-7 percent per gallon of gas pumped," Threatpost reports. 
Author: Tom Spring   Web Site:   Date: 1/21/2018
Topics: General Security Awareness

Man pleads guilty to launching DDoS attacks against former employers
Overview: "A man from New Mexico has admitted to launching distributed denial-of-service (DDoS) attacks against former employers, as well as possessing a firearm illegally," ZDNet reports. 
Author: Charlie Osborne   Web Site:   Date: 1/18/2018
Topics: Legal, Regulatory and Compliance

Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromised
Overview: "Hackers have breached the systems of the Southern and Eastern Norway Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with personal information and health records of some 2.9 million Norwegians," Help Net Security reports. 
Author: Zeljka Zorz   Web Site:   Date: 1/18/2018
Topics: Data Loss Prevention (DLP), General Security Awareness

Beware! A new bug can crash iOS and macOS with a single text message
Overview: "Abraham Masri, a Twitter user with the rather wonderful handle of @cheesecakeufo, has shared publicly a malicious link that is capable of crashing iOS and macOS when received through Apple's Messages app," Graham Cluley reports. 
Author: Graham Cluley   Web Site:   Date: 1/17/2018
Topics: Mobile Device Security