Due to a bug in the API, the attackers were able to get the phone numbers and e-mails of a lot of high-profile accounts. Now they are selling that information for $10 per account.
Dragonfly is a group that has previously been seen hacking energy companies. Symantec discusses a second wave of attacks, which started in late 2015. Europe and North America seem to be the primary targets.
There has been quite some commotion in the last year surrounding pacemaker security. Now the FDA has 'recalled' 465k patients to get their pacemaker patched.
It gives them the power to request the source code or other IP of any vendor that does business in China. It's either that or lose access to a huge market. One of many worries around this is that it gives China the ability to find exploits which they can then use in their own intelligence service.
Breaches and leaks
Grouped together to save space :-/
- The personal information of 2 million customers of electronics retailer CeX has been stolen. (link)
- The resumes of 9,400 job applicants for a private security firm were out in the open in an unsecured S3 bucket. (link)
- Records of 4 million customers of Time Warner Cable were found in a publicly accessible 600Gb S3 bucket. (link)
Dieter Van der Stock
The chip is designed to secure Google's servers on the hardware level. It scans for any tampering with the hardware and will prevent the server from booting if anything out of the ordinary is detected. Hacker News discussion here.
It's not a full-blown WAF (Web Application Firewall); instead it's more akin to AWS' security groups, i.e. allow or block access based on IP. Seems clean and easy to use.
They defaced the WikiLeaks website, apparently settling some feud they had in the past. It was later made clear that no servers were hacked, but that OurMine took control of WikiLeaks' DNS records.
The issue has since been patched. More information in the blog post of the researcher.
If you use Apache Struts, especially if you have the Struts REST plugin installed, you'll want to update. A remote code execution vulnerability was found in the way it handles XML for data exchange. The article explains the problem nicely.
You'll probably want to update RubyGems. Although, as the Hacker News thread points out, malicious gems will always be possible. Still, worth a look.
For those interested, a nice thread on Hacker News with some good information.
This isn't directly related to security per se, but I found it one of the more clarifying reads on GDPR so far. Its potential impact on companies like Facebook and Google is interesting to say the least.