A new round of the weekly SecurityAffairs newsletter has arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web”, is online.

Kindle Edition

Paper Copy


Once again thank you!

·      90% of SAP customers exposed to hacking due to 13-year-old configuration flaw
·      Firefox 60 supports Same-Site Cookies to prevent CSRF attacks
·      Oops … Why is Facebook interested in my culinary tastes on Faasos portal?
·      Researchers discovered the control console of a ski lift in Austria open online
·      New Bezop Cryptocurrency (BEZ) leaks personal details of 25k users
·      Op GhostSecret – ThaiCERT seized a server used by North Korea Hidden Cobra APT group in the Sony Pictures hack
·      Oracle botches CVE-2018-2628 patch and hackers promptly start scanning for vulnerable WebLogic installs
·      SamSam operators switch tactics and are more focused on targeted organizations
·      Critical RCE vulnerability found in over a million GPON Home Routers
·      FacexWorm targets cryptocurrency users and spreads through Facebook Messenger
·      The NATO team is the winner of the cyber defence exercise Locked Shields 2018
·      WhatsApp co-founder Jan Koum to leave Facebook amid privacy concerns
·      Cambridge Analytica is shutting down after Facebook privacy scandal, is it true?
·      CVE-2018-8781 Privilege Escalation flaw was introduced in Linux Kernel 8 years ago
·      GitHub urged some users to reset their passwords after accidentally recording them
·      Man who hacked computer system of Washtenaw County Jail to alter inmate records gets 7 years in prison
·      Mysterious findings emerged from the analysis of SiliVaccine, North Korea's antivirus software
·      Australia's Commonwealth Bank lost 20 million customer records
·      CVE-2018-2879 – Vulnerability in Oracle Access Manager can let attackers impersonate any user account
·      Fancy Bear abuses LoJack security software in targeted attacks
·      Microsoft addressed critical flaw in Windows Host Compute Service Shim library
·      Schneider Electric Development Tools InduSoft Web Studio and InTouch Machine Edition are affected by a critical buffer flaw
·      Twitter urges its 330 million users to change passwords after bug exposed them in plain text
·      A bug in GandCrab ransomware V3 accidentally locks systems running Windows 7
·      GLitch attack, Rowhammer attack against Android smartphones now leverages GPU
·      Meltdown patch made the headlines again, it can be bypassed in Windows 10
·      Phishing campaign aimed at Airbnb users leverages GDPR as bait
·      Spectre-NG – Researchers revealed 8 new varieties of the Spectre flaws
·      The Pentagon bans Huawei and ZTE phones from stores on military bases


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 161 – News of the week appeared first on Security Affairs.