Good to be back, after a week out, but now back to the news. Some good stuff this week, so I hope you enjoy it!
- First, it looks like Ubuntu forums were breached due to an SQL Injection vulnerability. They are advising users to change their passwords, even though the passwords were hashed and salted, which means they should be more difficult to crack. The breach seems to only affect the forums, and not anything else.
- Read More @ https://threatpost.com/two-million-passwords-breached-in-ubuntu-hack/119335/
- Next, an interesting article from Krebs on Security about the Carbanak gang, which has so far been responsible for stealing over a billion dollars from banks. This article examines a potential connection the gang might have to a Russian security firm, “Infokube”. Very interesting read.
- Read More @ http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/
- Wikileaks has been under a sustained attack as a result of announcing the release of documents relating to the Turkish government, which was in the spotlight after the failed coup attempt that took place.
- Read More @ https://nakedsecurity.sophos.com/2016/07/19/wikileaks-suffers-sustained-attack-after-announcing-release-of-turkish-government-docs/
- Continuing the theme, it looks like the Library of Congress was under a DDoS attack as well, rendering several related websites inaccessible. At the moment, normal operation has been restored.
- Read More @ http://fedscoop.com/library-of-congress-ddos-attack-2016
- Next, some privacy news. It looks like government requests for user data hit an all-time high in the second half of 2015. Most of the requests were by the U.S. government. This is an alarming, though unsurprising, trend. I imagine it will only continue to rise.
- Read More @ http://www.zdnet.com/article/google-government-requests-for-user-data-hit-all-time-high-in-second-half-of-2015/
- Next, the inevitable news of another breach. Cici’s Pizza suffered a credit card breach at over 130 different locations. We mentioned the early rumors of the breach about a month or so ago, but finally there is official confirmation and additional details. Great write-up from Krebs, as usual.
- Read More @ http://krebsonsecurity.com/2016/07/cicis-pizza-card-breach-at-130-locations/
- A new regulation that just went into effect in China seems to have all but banned the use of ad-blocking software. This language was buried in the regulation meant to address the digital ad industry in China, and it looks like the Chinese government wants control over ad blocking as well.
- Read More @ https://yro.slashdot.org/story/16/07/20/2138233/china-bans-ad-blocking
- Looks like Snowden is getting into the iPhone case business. Rather, he seems to be working on an iPhone case design that would detect and block wireless snooping. The idea is to help protect journalists, activists, etc. from being located due to their use of their cell phones. Snowden is working with a well-known hardware hacker, Andrew Huang, and hopes to have a prototype developed over the next year.
- Read More @ http://thehackernews.com/2016/07/snowden-iphone-hacking.html
- Several vulnerabilities were discovered in Dell SonicWALL products, mainly in the GMS platform used to centrally manage SonicWALL devices. Supposedly, Dell has issued a hotfix. If you are using these appliances, make sure they are updated, folks.
- Read More @ http://www.securityweek.com/critical-flaws-found-dell-sonicwall-product
- Last story of the week is a fun one. Mikko Hypponen, a well-known security researcher, has created what he calls a Malware Museum: an online collection of old-school viruses active in the 1980s and 1990s. Very cool project, so check it out if you are interested in the history of malware.
- Read More @ http://www.geektech.in/malware-museum-an-online-collection-of-old-school-viruses/