Security Roundup - 2016-09-21

Damage due to a breach doesn’t necessarily end after resetting user’s passwords. TalkTalk customers are being targeted by scammers who are using the personal information from the TalkTalk breach in order to better target their victims. Meanwhile, another 33 million user accounts have been dumped online, as QIP.ru data from 2009-2011 has surfaced.

One security researcher found a bug in Facebook Business Manager, allowing an attacker to take over any Facebook page. Facebook has fixed the issue, as well as another one they discovered in the process, and paid the researcher $16k as part of their bug bounty program.

Use WebEx? Might want to make sure that the servers you use are updated. Cisco recently patched WebEx to fix a remote command execution bug, as well as denial of service bugs. A number of bugs also exist for other Cisco products, which they have sent notifications for.

After last week’s announcement that Chrome will be flagging non-HTTPs sites as insecure, Troy Hunt decided to take the new settings for a spin and see how many sites would have warnings. The results will probably not surprise you.

Hosting sites on a shared server? Sucuri reminds us all that our security is only as strong as the weakest link, or only as strong as your weakest neighbour. Using a combination of attacks, they demonstrate how exploiting Wordpress on shared servers allows for cross contamination, pivoting further into whatever databases the compromised host has access to.

CryLocker has been making the rounds, as a ransomware that collects a bunch of metrics, including location and then dumps them to sites like imgur.com or pastebin.com.

Talos security indicates SPAM is back at 2010 levels. The culprit? Malware campaigns including either banking malware like Dridex, or ransomware like Locky.

TLS 1.3 should be finalized later this year, but that isn’t stopping larger organizations from trying it out. The latest adopter? Cloudflare, who has made it available for all their customers.

As always, Bleeping Computer has the best ransomware roundup. This week includes: The Shark Ransomware-as-a-Service platform being rebranded as Atom, plenty of new ransomware variants, and the trend of ransomware no longer using C&C nodes continuing.

Written on September 21, 2016