Microsoft confirms Outlook.com and Hotmail accounts were breached

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Between 1 January and 28 March this year hackers were able to access a “limited number” of consumer Outlook.com, Hotmail and MSN Mail email accounts, Microsoft has confirmed.

Read more

 

Top 5 Security News

Creator of Hub for Stolen Credit Cards Sentenced to 90 Months

Wipro Intruders Targeted Other Major IT Firms

Facebook: Yeah, we hoovered up 1.5 million email address books without permission. But it was an accident!

Weather Channel Knocked Off-Air in Dangerous Precedent

Are our infrastructures secure?

Photo by rawpixel.com from Pexels

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.

Read more

 

Top 5 Security News

WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

Google launches new security tools for G Suite users

Credential-stuffing attacks behind 30 billion login attempts in 2018

Android 7.0+ Phones Can Now Double as Google Security Keys

The right way to do AI in security

540 Million Facebook User Records Found On Unprotected Amazon Servers

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

It’s been a bad week for Facebook users.
First, the social media company was caught asking some of its new users to share passwords for their registered email accounts and now…

…the bad week gets worse with a new privacy breach.

More than half a billion records of millions of Facebook users have been found exposed on unprotected Amazon cloud servers.
The exposed datasets do not directly come from Facebook; instead, they were collected and unsecurely stored online by third-party Facebook app developers.

Read more

 

Top 5 Security News

Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation

Windows 10 Insider Build 18362.30 Released to Fix Boot Breaking Bug

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Privacy Is Just the First Step, the Goal Is Data Ownership

Broken Piggybank

Norsk Hydro lose more than NOK 300-350 millions in a week after attack

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

There’s not much news about what happened last week when Norsk Hydro was attacked by unknown cyber criminals on March 19, but the estimated costs is around NOK 300-350 million. While we don’t know exactly what happened it is confirmed that this was a ransomware virus spreading in their system, encrypting files and taking down critical systems. The ransomware in question is LockerGoga, and was officially first seen in January this year. It is unknown exactly how the virus was introduced in to Hydros systems, as the have not identified any phising-emails.

When LockerGoga has infected a system, it locks out all users from the system it just infected, and starts encrypting files. This means that it can be hard for users to even see the ransom-note that pops up on the desktop. LockerGoga also does not have any instructions on how to pay the ransom, but rather instructs the system-owner to make contact for payment and amount through email addresses.
So far this attack raises a lot of questions, as the modus operandi has never been seen before, with very sophisticated attacking capabilities and no clear agenda.
You can read more about the attack and LockerGoga on threatpost

Top 5 Security News

Change your Facebook password now!

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Oh, feet of clay!

Facebook has just admitted that it has found many places – hundreds of millions of places, maybe – where it saved users’ passwords to disk in raw, unencrypted form.

In jargon terms, they’re known as plaintext passwords and it means that instead of seeing a password scrambled into a hashed form such as 379f153­1753a7c43­ab4f4faace­212451, anyone looking at the stored data will see the actual password, right there, just like that.

Like that: 123456789, or that: mypassword99, or that: jw45X$/­6FsT8.

Read more

Top 5 Security News

Why phone numbers stink as identity proof

The European Copyright Directive: What Is It, and Why Has It Drawn More Controversy Than Any Other Directive In EU History?

Extracting bitlocker keys from a TPM

Norwegian phones sent personal information to China

Hackers take down Safari, Vmware and Oracle at Pwn2Own

Flaw in popular PDF creation library enabled remote code execution

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers.

You can interact with Docker via the terminal and also via remote API. The Docker remote API is a great way to control your remote Docker host, including automating the deployment process, control and get the state of your containers, and more. With this great power comes a great risk — if the control gets into the wrong hands, your entire network can be in danger.

Read more

Top 5 Security News

Backdoored GitHub accounts spewed secret sneakerbot software

RSAC 2019: TLS Markets Flourish on the Dark Web

Web Authentication: What It Is and What It Means for Passwords

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

How To Spoof PDF Signatures

Password Managers Are Worth the Risk, Readers Say

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Password managers are great. They combine security with convenience by storing all your credentials in one place, allowing you to use strong, complex passwords that you don’t have to remember.” wrote Forbes in an article last week.

Threatpost did a reader poll examined risk, vulnerabilities, 2FA, the human element, attitudes on spreadsheets and more when it comes to password managers.

Read more

Top 5 Security News

‘Thunderclap’ vulnerability could leave Thunderbolt computers open to attacks

Multiple threat actors are targeting Elasticsearch Clusters

In the cloud, things aren’t always what they SIEM: Microsoft rolls out AI-driven Azure Sentinel

Dow Jones Watchlist of risky businesses exposed on public server

A Second Life For The “Do Not Track” Setting – With Teeth

Microsoft IIS DoS, patch install not enough

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Microsoft announced a bug in the Internet Information Services (IIS) where malicious HTTP/2 packets would consume 100% CPU until restarted. Microsoft have published patches that would allow a MS IIS administrator to mitigate this vulnerability, but would not define any sane default values for the thresholds in question, so installation of the patch itself is not enough. The patch will only enable the options for setting threshold values, it will not set them. Luckily this is only an attack on availability, so you will know when you get attacked, and when the attack is over, a so called Denial of Service (DoS) attack. It will not affect confidentiality of data stored or integrity of the website published.

Read more

Top 5 Security News

 
 

Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

On November 30, 2018. nccgroup disclosed CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870. These were from vulnerabilities found back in August 2018 in several TLS libraries.

Read more

Top 5 Security News

Multi-factor authentication time?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

With billions of user credentials being freely distributed online it’s high time to implement multi-factor authentication as the default way to authenticate.

Wired has written an article about the magnitude of leaks:

“Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a patched-together set of breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes of stolen data and 25 billion records in all.”

Read more

Top 5 Security News