Welcome to a Friday the 13th edition of the news recap :) I am currently doing this post while wearing a Jason mask. Feels right! Now let’s get to the stories!
- First story is about an XSS vulnerability found in the “Mr. Robot” season 2 website. For those who don’t know, “Mr. Robot” is a show on USA Network that actually portrays hacking, and hackers, in an accurate way and has been critically acclaimed. The flaw was found and reported by a white hat hacker, “Zemnmez”, and it was patched hours later. Good on them.
- Read More @ http://thehackernews.com/2016/05/hacker-mr-robot-season2.html
- A while back Brian Krebs reported that Wendy’s might have suffered a PoS system breach, and now we have confirmation straight from Wendy’s itself. During their earnings report they mentioned that a breach affecting up to 300 of their stores has occurred through compromised third-party vendor credentials. Not much in terms of details at the moment.
- Read More @ https://nakedsecurity.sophos.com/2016/05/12/wendys-admits-to-payment-card-malware-infection/
- A Windows 0-day has been responsible for hundreds of attacks on PoS systems. The zero-day in question (CVE-2016-0167) has been used since March and was patched on April 12 by Microsoft. A detailed FireEye report looks at one group that leveraged the flaw to attack PoS systems.
- Read More @ https://www.fireeye.com/blog/threat-research/2016/05/windows-zero-day-payment-cards.html
- It wouldn’t be a security recap without the inevitable Java or Adobe related vulnerability, so here we are with another Flash 0-day. FireEye discovered and reported the vulnerability to Adobe, and it was patched in APSB16-15. The FireEye report also details the vulnerability as well as how it is being exploited in the wild. Good read.
- Read More @ https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
- Next, a story on a different note. A survey has found some interesting results regarding US web users’ concerns about using online services. It seems like privacy and security concerns deterred about 50% of the people surveyed from online banking, shopping, etc. Seems like the high-profile breaches are finally making their way into the mainstream mindset.
- Read More @ http://www.bbc.co.uk/news/technology-36285651
- Next, some bad news for “The Pirate Bay”, as they have just lost their main domain in a court battle. The Swedish courts have ruled against the website, and the ruling results in the loss of the “ThePiratebay.se” and “PirateBay.se” domains.
- Read More @ https://yro.slashdot.org/story/16/05/13/2220208/the-pirate-bay-loses-its-main-domain-name-in-court-battle
- So it looks like the attackers behind the attack on the Bangladesh bank have now attacked a second bank, as SWIFT, the global Society for Worldwide Interbank Financial Telecommunications, has warned.
- Read More @ http://thehackernews.com/2016/05/swift-bank-hack.html
- Mozilla has now also joined the fight with the FBI, asking the court to force the federal agency to disclose the details of the hack used to compromise the Tor Browser. Mozilla is asking for the details of the vulnerability so that it can be patched before it becomes public knowledge.
- Read More @ https://yro.slashdot.org/story/16/05/12/2335232/mozilla-fights-fbi-in-court-for-details-on-tor-browser-hack
- The founder of “Liberty Reserve”, a website almost exclusively created to facilitate money laundering for criminals around the globe, has been sentenced to 20 years in prison. I will admit, I had no knowledge of this “bank” but good to see the guy behind it is behind bars.
- Read More @ http://www.securityweek.com/founder-online-underworld-bank-gets-20-years-prison
- Last story of the week is a bit of a history lesson detailing some of the biggest breaches of the past 10 years. Needless to say, there have been quite a few, especially in the past few years.
- Read More @ http://www.darkreading.com/endpoint/10-biggest-mega-breaches-of-the-past-10-years/d/d-id/1325374?_mc=RSS_DR_EDT&image_number=1