Ukraine blocked a cyber attack against a chlorine facility that is being attributed to Russia. Criminals tried using a variation of the VPNFilter malware, which was detected and stopped.
Reported by Wired
Researcher INIT_6 discovered a problem with the ZOHO password manager. The exploit decrypts the provisioning file that helps secure passwords and provides the plaintext password to open the vault.
Reported by init6.me
Airbnb is in breach of EU rules, as it is not properly providing essential data to consumers using its services. The additional transparency includes clear pricing, stating ownership of the asset, and updating its terms of service.
Reported by Euronews
Russian criminals used around $95,000 in Bitcoin to pay for the operations involved with the 2016 election manipulation. Services were used to track the criminal activity through both the USA and Malaysia.
Reported by Quartz
Ticketmaster has fallen victim to a card-skimming attack by the group Magecart, who installed malicious code on third-party sites. It is believed Magecart e-commerce victims from this campaign total over 800.
Reported by The Register
At an average of 7.91 million, the US is the most expensive place for a company to have a data breach, almost double the cost of a breach in other countries.
Reported by Forbes
An Apple engineer attempting to take trade secrets to China has been arrested. The theft was discovered after forensics on his laptop revealed download activity and confidential data.
Reported by Fortune
Malware has likely been added to another Linux distribution, Arch Linux, turning the machine into a pawn in a botnet. The Arch developers' response points out that the repo is not part of the main build but a user repository.
Reported by Naked Security
Heartland is suing their security provider, which did not detect malware or a breach that occurred over the course of two years. Despite multiple audits, they did not find malware and did not find fault with obvious gaps (lack of firewall and vendor passwords).
Reported by Bleeping Computer
Within 1 day, researchers discovered that iPhones still have a limited mechanism for brute force. Given certain device attachments, while unlocked (within 1 hour), a password can still be brute-forced.
Reported by Hackernews