Time for another news recap, with some pretty big stuff this week, so I hope you enjoy. Also, I just want to mention that the “Security Tools” page is back up and running as well, so check it out.
- First, as part of their regular security monitoring practices, Netflix has discovered some user passwords floating around that seem to have been found as part of a breach of a different company. As a result, they are advising users to change their passwords.
- Read More @ https://nakedsecurity.sophos.com/2016/10/17/netflix-finds-users-passwords-floating-around-online-change-yours-now/
- The Romanian hacker “Guccifer” has been sent back to a Romanian prison following his sentencing. However, he will return to the U.S. in 2018 to serve a 52-month sentence as well.
- Read More @ http://www.darkreading.com/careers-and-people/guccifer-sent-back-to-romanian-prison-/d/d-id/1327196
- In order to make sure Republicans don’t feel left out, it looks like Russian hackers have also hit the National Republican Senatorial Committee (NRSC). If you purchased anything through their website, or made a donation, there is a good possibility your credit card data might be compromised.
- Read More @ https://krebsonsecurity.com/2016/10/hackers-hit-u-s-senate-gop-committee/
- In the biggest news this week, a massive DDoS on Dyn has had a big impact on some of the big services and sites like Twitter, Spotify and Reddit, causing a temporary outage. The attack seems to be about twice the size of the one that previously hit KrebsOnSecurity.
- Read More @ https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/
- Next, more news of a breach and a massive account credential dump. This time the affected services are “Weebly” and “Foursquare”. Around 43 million accounts were compromised.
- Read More @ http://thehackernews.com/2016/10/weebly-foursquare-data-breach.html
- Next, India seems to have suffered the biggest breach to date as 3.2 million debit cards were compromised through a massive ATM hack. The hack stems from the compromise of the Hitachi Point of Sale system used by several Indian banks.
- Read More @ http://thehackernews.com/2016/10/india-debit-card-hack.html
- Next, a look by Kaspersky at the Windows zero-day used in the FruityArmor APT campaign. CVE-2016-3393 was used by these actors, and this write-up walks us through the details of the vulnerability.
- Read More @ https://securelist.com/blog/research/76396/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/
- Next, a Russian hacker, supposedly responsible for the attack on LinkedIn in 2012, was arrested in Prague by Czech police. The name and other details are not being released yet, but the suspect was arrested at a hotel in Prague.
- Read More @ http://www.nytimes.com/2016/10/20/world/europe/prague-russian-hacker.html?_r=0