Weekly Security Summary Around The World

This week we could not publish any article due to my bad health so now let’s see the major stories of the past days in our weekly round-up. As always, the cyber-security landscape brings new challenges, so read on and keep yourselves informed!

1.Unencrypted USB stick with 2.5GB of data detailing airport security found in street

Sometimes it’s hacking, sometimes it’s an extremely unfortunate series of events, coupled with negligence from the user’s part.

This was the case with the Heathrow Airport incident, where an unencrypted USB flash drive  was found on a street. The flash drive contained highly sensitive information detailing airport security, anti-terror measures and VIP travel protocols.

2.Slack plugs severe ‘SAML’ user authentication hole

Slack is one of the most popular communication platform nowadays, both for regular users and organizations, but you should also keep a close eye on it. The latest in a series of vulnerabilities is the ‘SAML’ flawed implementation, which affected mostly enterprise customers. Fortunately, Slack also has a generous bug bounty program, so this vulnerability was plugged.

3.Fear the Reaper? Experts reassess the botnet size and firepower

In a twist of events, security researchers now consider the famous Reaper botnet a much smaller threat.

Experts around the world were extremely worried but now assess its size at 28.000 devices, much smaller than first reported. However, due to botnets’ nature, this number could rapidly expand again.

4.Facebook Phishing Targeted iOS and Android Users from Germany, Sweden and Finland

A phishing link made the rounds via Facebook Messengers in countries from Western Europe. It fooled users into thinking they’re clicking on a Youtube video, but redirected them through a series of shortened links to a compromised domain. Read on for the full details.

5. WordPress 4.8.3 Security Release

If you run a WordPress site using version 4.8.2 or earlier ones, please update it urgently! There versions are affected by an issue leaving users exposed to potential SQL injection (SQLi). The WordPress core was unaffected, but, as you know, plugins are always vulnerable.

6. 46.2 Million Mobile Numbers Leaked Online after Malaysian Data Breach

Fifteen Malaysian telcos and mobile virtual network operators (MVNO) were compromised. The news came to light through Lowyat.net, an Internet forum and technology magazine. Editors received a tip that someone was attempting to sell several large databases of personal information on Lowyat.net’s forums.

7.Chrome users beware: A new ‘Catch-All’ extension could steal everything you type

A malicious Chrome extension is spreading in Brazil, and it’s capable of stealing everything typed inside a browser window. More alarmingly, a chief research officer at Morphus Labs said that Catch-All is the third extension of this type since August.

8. New Bitcoin Malware Attacks Copy and Paste Their Way to Co-Opted Currency

On November 1st, Bitcoin broke an all-time high, going over the $7000 threshold. Of course, so did malicious hackers’ efforts. A new bitcoin malware attack has co-opted more than $150,000 of this cryptocurrency, using  the new  attack strain called CryptoShuffler.

After infecting a device, it begins monitoring the clipboard activity. Because of convenience, many users copy and paste the recipient’s wallet ID into transaction destination fields.

CryptoShuffler then intercepts the copied walled string and replaces it with one sending Bitcoin directly to them. 

9. Apple releases macOS 10.13.1 and iOS 11.1 with a KRACK fix and new emoji

It’s time to update, because Apple addressed the KRACK Wi-Fi vulnerability for some devices. It was a major one, which allowed malicious hackers to listen to Wi-Fi traffic for passwords and other personal data.

Oh, and there’s also a new emoji. 

10. List of data breaches and cyber attacks in October 2017

Want more lists? Here’s a huge one of all the attacks reported this October. We start November with fresh energy, it’s useful to see what went down the past month and identify trends. As this round-up from IT Governance shows, 55 million records leaked – an alarming, but somewhat predictable number.

If you liked this post, you might enjoy our newsletter. Receive new articles directly in your inbox:

Yes I agree to receive emails from Defenx Solution

Subscribe our Youtube Channel

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Welcome to Defenx Solution

If you need any info or details please do connect with us through any medium below. We will try to get in touch with you as early as possible.

Contact Form

or reach me via these social channels

Contact Us