Issue 20

Word documents spotted in the wild with 0-day exploit, macro's don't have to be enabled

The security firm FireEye reported seeing a zero-day in use for Microsoft Word that infects you when you open the file, without requiring macro's to be enabled. Microsoft released a patch this Tuesday, April 11th.

arstechnica.com

 

Hacking attack woke up Dallas with emergency sirens

The tornado sirens of the city of Dallas were hacked last Friday night, causing all 156 of them to go off throughout the night.

nytimes.com

 

Lessons from top-to-bottom compromise of Brazilian bank

Kaspersky Lab researchers discovered that a Brazilian bank was completely hijacked, from website serving malware to corporate e-mail being shut down. All thanks to the fact that the attackers gained access to its DNS systems.

threatpost.com

 

BrickerBot results in permanent denial of service attack on IoT devices

This is a report of a 'PDOS', Permanent Denial of Service aka 'phlasing' being executed by malware called Brickerbot. It tries to enter an IoT device by Telnet brute-force (like Mirai), and then goes on to corrupt storage, break Internet connectivity and wipe files.

radware.com

 

Attackers can steal smartphone users' PINs by tapping into data collected by mobile sensors

Any website can ask for measurements of sensor data like motion and orientation information of mobile devices visiting them. Researchers show it can be used to determine one's PIN code.

helpnetsecurity.com

 

New insurance covers cyber risks for the wealthy

Interesting sign of the times: AIG is presenting a product in their 'wealthy people' portfolio around personal cybersecurity, covering damages for data breaches and offering prevention through security advise and audits of personal devices, personal networks, social media, etc.

cyberscoop.com

 

21 years later, experts connect the dots on one of the first cyber-espionage groups

Fun and interesting read on 'Moonlight Maze', a hacker group that's been around since the 90's.

bleepingcomputer.com

 

Personal note

This is the 20th issue of this little newsletter :-) I love writing them, and am pleasantly surprised by the positive feedback. Thanks for being a part of it!
If you want to spread the love, feel free to do a shoutout on Twitter or forward this newsletter to someone who might find it interesting. Thanks!

Dieter Van der Stock