Cadre Information Security Report
11/17/2017
Breaches

Malaysian Police Identifies Suspects Behind Massive 46.2 Million Data Breach
Malaysian authorities announced today they had identified the possible authors of a massive data breach that took place a month ago and during which the personal details of 46.2 million Malaysians were put up for sale on the Dark Web and various forums. The breach came to light at the end of October when an anonymous user alerted Lowyat.net, a Kuala Lumpur-based tech site, about data belonging to millions of Malaysians being sold online on the Dark Web.
click to read full article...
Trends

Fake news ‘as a service’ booming among cybercrooks
Criminals are exploiting “fake news” for commercial gain, according to new research. Fake news is widely assumed to be political or ideological propaganda published to sway public opinion, but new research conducted by threat intel firm Digital Shadows and released on Thursday suggested fake news generation services are now aimed at causing financial and reputational damage for companies through disinformation campaigns.
click to read full article...
Software Updates

Oracle issues emergency patches for `JoltandBleed` vulnerabilities
Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected include Oracle PeopleSoft Campus Solutions, Human Capital Management, Financial Management, and Supply Chain Management, as well other product using the Tuxedo 2 application server.
click to read full article...
Malware

Zeus Spawn `Terdot` is a Banking Trojan with a Twist
A Zeus spinoff called Terdot, a banker trojan with espionage capabilities, has emerged as a highly customized man-in-the-middle (MITM) proxy, able to steal browsing information such as login credentials and stored credit-card information. According to an investigation by Bitdefender, the malware can notably inject HTML code into visited web pages to carry out MiTM attacks.
click to read full article...
Information Security

Poor security habits are the ideal recipe for a breach
A Preempt survey of more than 200 employees (management level or above) from enterprise companies of 1000 or more people, found that businesses are left exposed by employees who have more access to sensitive resources than they should and who follow poor security habits. Results from the survey concluded that employees have more access than they should, and a large majority of them have poor security habits even when they think they don’t.
click to read full article...
Bug that deleted $300m could have been fixed months ago
All of you unfortunate holders of frozen ether, there’s no sign of a thaw anytime soon… sorry. It wasn’t phrased that way, of course, but that was probably the most significant takeaway for holders of the cryptocurrency that uses the Ethereum blockchain after a lengthy “postmortem” issued on Wednesday by digital wallet company Parity Technologies Ltd.
click to read full article...
Exploits/Vulnerabilities

Amazon Key flaw makes entering your home undetected a possibility
Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service`s security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed. Amazon has promised to change how Key works in order to make it easier for you to tell when something unusual is happening in this event, but the changes proposed by Amazon don`t necessarily resolve it.
click to read full article...
IoT Devices: The Gift that Keeps on Giving… to Hackers
You’ve probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the market and maybe even showing up in your own home. The sale of these “Internet-of-Things” (IoT) devices is expected to reach 600 million units this year[1] and, unfortunately, security has sometimes become a casualty of the race among manufacturers to be the first to sell these smart gadgets into millions of homes.
click to read full article...
Google Discloses Details of $100,000 Chrome OS Flaws
Google has made public the details of a code execution exploit chain for Chrome OS that has earned a researcher $100,000. In March 2015, Google announced its intention to offer up to $100,000 for an exploit chain that would lead to a persistent compromise of a Chromebox or Chromebook in guest mode via a web page. Prior to that, the company had offered $50,000 for such an exploit.
click to read full article...
On This Date...
  • ...in 1558, Elizabeth I was crowned Queen of England, marking the beginning of the Elizabethan era.
  • ...in 1869, the Suez Canal opens.
  • ...in 1942, American film director and screenwriter Martin Scorsese was born in Queens, New York.
  • ...in 1950, Tenzin Gyatso was enthroned as Tibet`s 14th Dalai Lama at the age of 15.
  • ...in 1973, in the midst of the Watergate scandal that eventually ended his presidency, President Richard Nixon tells a group of newspaper editors that he is "not a crook."

 Interested in keeping up with the latest headlines, summaries, and security news? Enter your email address to stay in the loop.


Subscribe to the IT Sec Report



Email Address: *