CYBERSPRESSO: PIPING HOT THREAT & ATTACK NEWS… GRAB A COFFEE, GET UPDATED

Why forgetting to change an FTP default password cost the US military dearly.

A hacker is selling sensitive US military documents online that were tracked down via Shodan. Sensitive information on military drones, explosive devices and tank details is just some of the data up for sale. The typical shadow IT attack event could easily have been prevented if the IT team had implemented best practices and replaced the router’s default FTP credentials. Experts believe the information indicates the files were most likely taken from the Pentagon or a US army official. @campuscodi

Polar fitness app exposes geo-location data of thousands of soldiers and secret agents

The Finnish-based fitness tracking app, in response, suspended its “Explore” map and denied any breach of private data. However, an investigation claims that although the bulk of users chose to make their profiles private, an oversight made it possible to find details. The incident recalls the Strava fitness app disaster earlier this year, which exposed military personnel details in sensitive areas worldwide. @tomas_foltyn

Hackers steal $13.5 Million from Israeli Bancor exchange

Israeli-based decentralized cryptocurrency startup Bancor Exchange was subject to a hack attack on Monday, with losses reaching $13.5 million. The exchange reported that the hackers compromised a wallet facilitating cryptocurrency trading. The attackers then withdrew tokens worth millions of dollars. The upside for the exchange is a security feature that makes it possible to freeze fund transfers made by hackers to other wallets. @securityaffairs

Malicious software packages on Arch Linux User Repository

The Linux repository infection once again highlights why user-controlled software repositories cannot be trusted. Featuring user-submitted packages, it was only a matter of time till the repository was infected by malware. Research shows a user named ‘xeactor’ hijacked an ‘orphaned’ package which functions as a PDF viewer, and added malicious code. The malware was programmed to collect the data of the infected system and post it in a new file. After the malware was exposed, system changes were made and xeactor was suspended. @campuscodi

Adobe fixes over 100 vulnerabilities in latest security patch update

The extended update covered a slew of critical vulnerabilities in Reader, Acrobat, Flash and other popular software packages. Overall the company issued 112 vulnerability fixes for its products. To date the bugs impacted Linux, macOS, Chrome OS, and Windows machines. Most of the vulnerabilities affected Adobe Acrobat and Adobe Reader and involved potential data leaks, arbitrary code execution, buffer errors and heap overflow security flaws. @SecurityCharlie

Are we about to be slapped with a new Cybersecurity Act by the European Union?

The EU just moved closer to stipulating new rules on cybersecurity certification and cooperation between countries, after the European Parliament’s industry committee advanced a proposed Cybersecurity Act. The committee, known as ITRE, overwhelmingly voted through a report that will lay out the parliament’s stance on the law. The report is expected to clear the way for talks between EU members and the introduction of the new regulation. @superglaze

Security firm Trustwave sued for failing to detect malware causing the 2008 Heartland mega breach

Security services firm Trustwave is being sued by insurers that set out to recover insurance fees paid to a customer, after the firm failed to detect malware on the client’s network, leading to one of the biggest security breaches this decade. This is the third time that Trustwave is being slapped with a lawsuit. @campuscodi

What were the worst cybersecurity breaches so far this year?

The first six months of 2018 featured less dramatic government leaks and global ransomware attacks than last year, but that’s where the good news ends. Corporate security is lagging behind hackers’ advances, as state-backed hackers are getting bolder and more sophisticated. Top cybersecurity dramas that have captured the headlines so far include the Russian grid hacking, the spree of attacks on US universities and rampant data exposures. @lilyhnewman