This week we could not publish any article due to my bad health so now let’s see the major stories of the past days in our weekly round-up. As always, the cyber-security landscape brings new challenges, so read on and keep yourselves informed!
Sometimes it’s hacking, sometimes it’s an extremely unfortunate series of events, coupled with negligence from the user’s part.
This was the case with the Heathrow Airport incident, where an unencrypted USB flash drive was found on a street. The flash drive contained highly sensitive information detailing airport security, anti-terror measures and VIP travel protocols.
Slack is one of the most popular communication platform nowadays, both for regular users and organizations, but you should also keep a close eye on it. The latest in a series of vulnerabilities is the ‘SAML’ flawed implementation, which affected mostly enterprise customers. Fortunately, Slack also has a generous bug bounty program, so this vulnerability was plugged.
In a twist of events, security researchers now consider the famous Reaper botnet a much smaller threat.
Experts around the world were extremely worried but now assess its size at 28.000 devices, much smaller than first reported. However, due to botnets’ nature, this number could rapidly expand again.
A phishing link made the rounds via Facebook Messengers in countries from Western Europe. It fooled users into thinking they’re clicking on a Youtube video, but redirected them through a series of shortened links to a compromised domain. Read on for the full details.
If you run a WordPress site using version 4.8.2 or earlier ones, please update it urgently! There versions are affected by an issue leaving users exposed to potential SQL injection (SQLi). The WordPress core was unaffected, but, as you know, plugins are always vulnerable.
Fifteen Malaysian telcos and mobile virtual network operators (MVNO) were compromised. The news came to light through Lowyat.net, an Internet forum and technology magazine. Editors received a tip that someone was attempting to sell several large databases of personal information on Lowyat.net’s forums.
A malicious Chrome extension is spreading in Brazil, and it’s capable of stealing everything typed inside a browser window. More alarmingly, a chief research officer at Morphus Labs said that Catch-All is the third extension of this type since August.
On November 1st, Bitcoin broke an all-time high, going over the $7000 threshold. Of course, so did malicious hackers’ efforts. A new bitcoin malware attack has co-opted more than $150,000 of this cryptocurrency, using the new attack strain called CryptoShuffler.
After infecting a device, it begins monitoring the clipboard activity. Because of convenience, many users copy and paste the recipient’s wallet ID into transaction destination fields.
CryptoShuffler then intercepts the copied walled string and replaces it with one sending Bitcoin directly to them.
It’s time to update, because Apple addressed the KRACK Wi-Fi vulnerability for some devices. It was a major one, which allowed malicious hackers to listen to Wi-Fi traffic for passwords and other personal data.
Oh, and there’s also a new emoji.
Want more lists? Here’s a huge one of all the attacks reported this October. We start November with fresh energy, it’s useful to see what went down the past month and identify trends. As this round-up from IT Governance shows, 55 million records leaked – an alarming, but somewhat predictable number.