Google+
Google+ suffered another massive data breach, which forced Google
to shut down its social network earlier than scheduled. A
vulnerability was discovered in one of Google+’s People APIs that
developers could exploit to steal private information on 52.5
million users. Read more: https://thehackernews.com/2018/12/google-plus-hacking.html
Marriott
China’s Ministry of State Security is believed to be behind the
Marriott breach that exposed the personal information of up to 500
million people. This information was revealed as the U.S.
Department of Justice was preparing to announce new indictments
against Chinese hackers working for the intelligence and military
services. Read more: https://www.cnet.com/news/chinese-spies-reportedly-behind-massive-marriott-hack/
Yandex Maps
Yandex Maps, a Russian online mapping service, unintentionally
revealed the secret locations of the foreign military bases it was
trying to obscure. When the company accidentally blurred the
precise locations of Turkish and Israeli military bases, it
pinpointed their exact locations. Read more: https://www.popularmechanics.com/military/a25461748/yandex-mapping-service-locates-secret-military-bases/
Saipem
The servers of Italian oil services firm Saipem were hit by a
cyberattack from India. The attack originated in Chennai, India and
affected servers in Saudi Arabia, the UAE, Kuwait and Scotland.
Read more: https://www.offshore-technology.com/news/saipem-middle-east-cyber-attack/
Albania
Albania posted sensitive information about its senior intelligence
operatives on the internet in what appears to be a security breach.
The records show the names and national identification card numbers
of agents in the State Intelligence Service who are operating
inside Albania and abroad. Read more: https://www.independent.co.uk/news/world/europe/albania-intelligence-data-posted-online-nato-defence-military-finance-security-a8672446.html
U.S. Navy Contractors
The U.S. Navy and the Air Force are considered choice targets for
hackers looking to steal military technology. Researchers found
that Chinese hackers breached third party contractors in the past
18 months. Read more: https://www.wsj.com/articles/u-s-navy-is-struggling-to-fend-off-chinese-hackers-officials-say-11544783401
Bomb Threats
Businesses, schools, government offices and individuals across the
U.S., New Zealand and Canada received emailed bomb threats last
Thursday. The emails were sent by scammers threatening to detonate
a bomb unless a bitcoin payment of $20,000 was paid. Read more:
https://thehackernews.com/2018/12/bomb-email-hoax-bitcoin.html
Adobe
Adobe patched 87 vulnerabilities in its Acrobat and Reader software
for both MacOS and Windows. This security update comes a week after
Adobe patched a critical zero-day in Flash Player that was actively
exploited in an attack against a Russian healthcare institution.
Read more: https://thehackernews.com/2018/12/adobe-acrobat-update.html
PayPal
A new banking Trojan is targeting Android users running the PayPal
app. The malware is disguised as a battery optimization tool that
is distributed via third-party app stores. If a user logs into the
PayPal app on a compromised device, the malware mimics the user’s
clicks and sends money to the attacker. To read more: https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
Microsoft
Microsoft patched a zero-day that was actively exploited by the
hacking groups FruityArmor and SandCat APTs. The zero-day is an
elevation-of-privilege (EoP) vulnerability found in the Windows
Kernel (ntoskrnl.exe). Read more: https://thehackernews.com/2018/12/microsoft-patch-updates.html
phpMyAdmin
Developers of PhpMyAdmin, one of the most the widely used MySQL
database management systems, are urging users to immediately patch
their systems due to a severe vulnerability. The vulnerabilities
include a local file inclusion bug, cross-site request forgery and
a cross-site scripting issue. Read more: https://thehackernews.com/2018/12/phpmyadmin-security-update.html
Facebook
Facebook disclosed a bug in its platform that enabled third-party
apps to access unpublished photos of 6.8 million users. The issue
was in the photo API, which gave developers access to photos shared
on Marketplace or Facebook Stories, as well as photos that were
uploaded to the site but not posted. To read more: https://threatpost.com/facebook-photos-exposed/139940/
WordPress
A week after releasing a major update, the WordPress team had to
push an updated security patch. The creators of Yoast SEO plugin
discovered that the activation screen for new users could end up
being indexed by Google. The leak has serious consequences if the
user is an admin. Read more: https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/
SQLite
A new SQLite flaw was discovered that could allow remote attackers
to execute malicious code on affected devices, leak program memory
or crash applications. SQLite is a popular disk-based relational
database management system. An updated version has been released to
address the issue. Read more: https://thehackernews.com/2018/12/sqlite-vulnerability.html
Tesla Model 3
A Redditor was able to gain root access to the infotainment system
in his Tesla Model 3. He was attempting to install Ubuntu to add
new functionality like being able to bring SSH into the car. Read
more: https://cleantechnica.com/2018/12/13/hacker-installs-linux-on-his-tesla-model-3/
Sign up below and receive these reports and more, directly in your inbox.