Microsoft
Microsoft accidentally left a Dynamics 365 TLS certificate and private key exposed in a sandbox environment. Unlike development and production servers, this sandbox gives admins RDP access. To read more: https://www.theregister.co.uk/2017/12/11/dynamics_365_sandbox_leaked_tls_certificates/
MoneyTaker
The newly discovered hacking group has successfully attacked more than 20 financial institutions, banks, software vendors and law firms worldwide. The group is linked to 16 victims in the US, one in the UK and three in Russia. To read more: http://www.zdnet.com/article/moneytaker-apt-steals-millions-from-us-uk-russian-banks/
Fox-IT
The Dutch security firm has announced that it suffered a cyberattack. The attacker was able to redirect both email sent to the fox-it.com domain and inbound traffic destined for its ClientPortal. The weak link was Fox-IT’s domain registrar, which did not require two-factor authentication. To read more: https://www.grahamcluley.com/fox-it-dns-hack/
Update: Mirai Botnet
The co-authors of Mirai pled guilty to creating the malware back in 2016, which crippled portions of the internet. The authors also pled guilty to charges of using their botnet to conduct click fraud. To read more: https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/
Language flaws
A researcher revealed serious flaws in the interpreters for five popular programming languages. Applications run by these interpreters are at risk. For example, Python has “undocumented methods and local environment variables that can be used for OS command execution.” To read more: http://www.zdnet.com/article/these-five-programming-languages-have-flaws-that-expose-apps-to-attack/
Starbucks
Starbucks has inadvertently been mining alt-coins on customers’ computers. An attacker was maliciously injecting Coin Hive’s code into web browsers via the free Starbucks wi-fi. To read more: https://www.theregister.co.uk/2017/12/12/starbucks_wifi_crypto_mining/
OSX.Pirrit
This adware was developed by an Israeli ad-tech firm and poses as a legitimate installer. The installer asks for users’ computer password to trick them into turning over root privileges. To read more: http://www.zdnet.com/article/maker-of-sneaky-mac-adware-sends-security-researcher-cease-and-desist-letter/
ROBOT
The ROBOT vulnerability, first identified in 1998, has resurfaced. It impacts many major websites, from Facebook to PayPal. With the vulnerability, attackers can decrypt encrypted data and sign communications using private keys. To read more: https://threatpost.com/19-year-old-tls-vulnerability-weakens-modern-website-crypto/129158/
Triton/Trisis
This family of malware is designed to compromise industrial-control systems. Specifically, it targets equipment sold by Schneider Electric, tampering with or disabling the company’s Triconex products. To read more: https://www.wired.com/story/triton-malware-targets-industrial-safety-systems-in-the-middle-east/