Issue 54

Andromeda botnet dismantled in international operation

The FBI, Europol, Microsoft and others worked together to take down the Andromeda botnet, which served about 80 malware species to an average of 1 million machines per month. Someone suspected of running the botnet was also arrested in Belarus.
europa.eu

 

EU sponsors bug bounty program for VLC Media Player

It's part of an initiative to bolster the security of open-source projects used by EU institutions. Apache HTTP Server and Keepass were previous beneficiaries. The project is hosted on HackerOne and has a total budget of €60.000.
bleepingcomputer.com

 

WhatsApp now supports two-step verification

When turned on, it will ask for a passcode. You can optionally enter an e-mail address in case you forget your passcode.
techcrunch.com

 

Russia wants to launch backup DNS system by August 1, 2018

They critize the fact that the US has too much control over the current DNS system, fearing that it gives them a big edge on cyber warfare.
bleepingcomputer.com

 

Personal data of 31 million AI.type keyboard app users exposed online

Not only were they negligent in security, as all data was exposed due to a misconfigured MongoDB instance, but it also seems they were collecting much more information than strictly needed.
hackread.com

 

TIO Networks breached; personal data of 1.6 million users impacted

TIO is a company that runs utility and bill payment kiosks in North America. The company is owned by Paypal, but their data is separate from Paypal's.
bleepingcomputer.com

 

111GB of personal information in public s3 bucket of a US credit repair company

Another week, another s3 bucket. This time with personal information on tens of thousands of people, including driver’s license and Social Security card images, financial reports, and more.
upguard.com

 

Blockchain Graveyard: list of cryptocurrency-related breaches

Currently the ticker is at 45 incidents. The creator also conveniently breaks down the root causes of the incidents.
github.io

 

Update all the things \o/

  • Apple released a bunch of updates, including one for MacOS that permanently fixes the IAmRoot bug: link
  • Google released updates to Android, fixing 47 vulnerabilities of which 10 are rated high, and shipped a separate patch for Pixel and Nexus phones for a vulnerability there: link
  • Cisco patched several vulnerabilities in its WebEx suite: link
  • HP released firmware patches for its enterprise printers to fix a remote code execution flaw: link
  • Two critical vulnerabilities were found and patches in the RSA authentication agent and SDK: link

 

Humble Book Bundle: Network & Security Certification

For those interested, another great Humble Bundle for books on networks and security. Paying $15 (or more) gives you 13 books!
humblebundle.com

Personal note: started a Hackernews newsletter

This one sends you a daily e-mail with all HN articles over x points.
Feel free to subscribe if that sounds handy :-)

Dieter Van der Stock

Sponsorship

Is your website hackable?

Use the dead accurate Netsparker web application security scanner to do the work for you, including eliminating false positives.
netsparker.com