Some 6.5 million email addresses and weakly hashed passwords belonging to users of Dueling Network, a card game in the style of Yu-Gi-Oh, have been stolen, Motherboard reported. Dueling Network itself was shut down in 2016 following a cease-and-desist request made by a law firm on behalf of the animation company holding the rights to Yu-Gi-Oh, but the site's forum had been kept online. "Only our forum site was still up as a way for our users to communicate with each other (login used DN [Dueling Network] credentials)," an administrator wrote in an email to Motherboard. "Now that is down and warns users to change passwords on any other sites they may have used the same password on." The passwords were hashed with MD5, a fast general-purpose hash that was never designed for password storage; MD5 hashes can be checked against password dictionaries and brute-forced at very high speed, so most of the plaintext passwords are recoverable. A company administrator said not all of the stolen emails and passwords correspond to individual players, as some accounts appear to be duplicates.
A hacker claims to have obtained 6.5 million email addresses and poorly hashed passwords belonging to users of Dueling Network, a now-dead Flash game based on the Yu-Gi-Oh trading card game. Dueling Network shut down in 2016, but its forum carried on until recently. "Only our forum site was still up as a way for our users to communicate with each other (login used Dueling Network credentials). Now that is down and warns users to change passwords on any other sites they may have used the same password on," a site admin told Motherboard. The hacker made away with at least 6.5 million accounts, although the site admin says that not all of those necessarily correspond to individual players: many accounts may have been duplicates owned by the same user, or were never actually logged in. "This number is inflated," the admin claims.
Weak password hashing makes them readable in plaintext
The data includes email addresses and passwords hashed with MD5, which is of little use as a password hash at this point: its speed means attackers can test enormous numbers of guesses and are quite likely to recover most of the passwords in plaintext. That is bad news for anyone who reused those passwords on other accounts linked to the same email addresses. Black Luster Soldier, the admin of Dueling Network, believes the hacker used a vulnerability in MySQL to obtain the data, although nothing is confirmed at this point. Regardless of how the hack happened, users are advised to change their passwords on any other services where they used the same credentials as on Dueling Network.
Intel has issued fresh "microcode revision guidance" revealing that it won't address the Meltdown and Spectre design flaws in all of its vulnerable processors, in some cases because it is too difficult to mitigate the Spectre v2 class of vulnerabilities. The new guidance, issued April 2, adds a "stopped" status to Intel's "production status" category in its array of available Meltdown and Spectre security updates. "Stopped" indicates there will be no microcode patch for Meltdown and Spectre. The guidance explains that a chipset earns "stopped" status because, "after a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons." Those reasons are given as:
1. Micro-architectural characteristics that preclude a practical implementation of features mitigating [Spectre] Variant 2 (CVE-2017-5715)
2. Limited Commercially Available System Software support
3. Based on customer inputs, most of these products are implemented as "closed systems" and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
Thus, if a chip family falls under one of those categories, such as Intel being unable to fix Spectre v2 in the design without undue effort, or customers not expecting the hardware to be exploited, it gets a "stopped" sticker. To leverage the vulnerabilities, attacker-controlled code needs to be running on the system, so if the computer is totally closed off from the outside world, administrators may feel it's not worth the hassle of applying messy microcode, operating system, or application updates. The caveat is that "closed" has to mean no untrusted code at all: a browser's JavaScript engine is enough of a foothold for Spectre-class attacks, so a machine that merely sits behind a firewall is not closed in the relevant sense.
"Stopped" CPUs that therefore won't get a fix are in the Bloomfield, Bloomfield Xeon, Clarksfield, Gulftown, Harpertown Xeon C0 and E0, Jasper Forest, Penryn/QC, SoFIA 3GR, Wolfdale, Wolfdale Xeon, Yorkfield, and Yorkfield Xeon families. The list covers various Xeons, Core CPUs, Pentiums, Celerons, and Atoms, just about everything Intel makes. Most of the CPUs listed above are oldies that went on sale between 2007 and 2011, so it is likely few remain in normal use. There's some good news in the tweaked guidance: the Arrandale, Clarkdale, Lynnfield, Nehalem, and Westmere families that were previously unpatched now have working fixes available in production, apparently. "We've now completed release of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered by Google Project Zero," an Intel spokesperson told The Reg. "However, as indicated in our latest microcode revision guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback." Now all Intel has to do is sort out a bunch of lawsuits, make sure future products don't have similar problems, combat a revved-up-and-righteous AMD and Qualcomm in the data centre, find a way to get PC buyers interested in new kit again, and make sure it doesn't flub emerging markets like IoT and 5G the way it flubbed the billion-a-year mobile CPU market.
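Whether a given Linux host actually received a microcode-backed mitigation is visible without consulting Intel's spreadsheet: the kernel reports per-vulnerability status under /sys/devices/system/cpu/vulnerabilities/ and the loaded microcode revision in /proc/cpuinfo. The following is an added example, not code from the article or from Intel; it parses those two sources. The sample contents are constructed (the Core i7 920 is a Bloomfield part, one of the "stopped" families; the spectre_v2 text is an assumed value for a host whose kernel has retpolines but no new microcode).

```python
import re

# Constructed sample of what a Linux kernel exposes. On a live host the same strings
# come from /sys/devices/system/cpu/vulnerabilities/<name> and /proc/cpuinfo.
# The spectre_v2 text below is an assumed value for an old part without new microcode.
SAMPLE_SYSFS = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Retpoline without IBPB\n",
}
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "model name\t: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz\n"
    "microcode\t: 0x1d\n"
)

VULN_FILES = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status_line):
    """Reduce a sysfs vulnerability line to a coarse verdict."""
    status = status_line.strip()
    if status.startswith("Not affected"):
        return "not_affected"
    if status.startswith("Mitigation:"):
        return "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def microcode_revision(cpuinfo_text):
    """Loaded microcode revision as an int, or None if the kernel did not report one."""
    m = re.search(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo_text, re.MULTILINE)
    return int(m.group(1), 16) if m else None


def model_name(cpuinfo_text):
    m = re.search(r"^model name\s*:\s*(.+)$", cpuinfo_text, re.MULTILINE)
    return m.group(1).strip() if m else None


def report(sysfs, cpuinfo):
    """Combine the per-vulnerability verdicts with the microcode revision.
    A 'vulnerable' spectre_v2 on a family from the stopped list is the signature
    of a platform that will never get a firmware-side fix."""
    verdicts = {name: classify(sysfs.get(name, "")) for name in VULN_FILES}
    return {
        "model": model_name(cpuinfo),
        "microcode": microcode_revision(cpuinfo),
        "verdicts": verdicts,
        "all_mitigated": all(v in ("mitigated", "not_affected") for v in verdicts.values()),
    }


def read_live():
    """Read the real files; missing files (non-Linux, old kernel) yield 'unknown'."""
    base = "/sys/devices/system/cpu/vulnerabilities/"
    sysfs = {}
    for name in VULN_FILES:
        try:
            with open(base + name) as fh:
                sysfs[name] = fh.read()
        except OSError:
            sysfs[name] = ""
    try:
        with open("/proc/cpuinfo") as fh:
            cpuinfo = fh.read()
    except OSError:
        cpuinfo = ""
    return report(sysfs, cpuinfo)


if __name__ == "__main__":
    print("sample:", report(SAMPLE_SYSFS, SAMPLE_CPUINFO))
    print("this host:", read_live())
```

Run it on a fleet via your usual remote-execution tooling and collect the `model`, `microcode` and `verdicts` fields; hosts reporting `vulnerable` for spectre_v2 whose model falls in the stopped families are the ones where the only remaining options are kernel-side mitigations or decommissioning.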
Merely a day after rolling out the December 2018 security patch early, Samsung has now revealed the details of the latest security maintenance release. The Galaxy Xcover 4 is the first smartphone to get this update; Samsung will be releasing the patch for more compatible devices in the coming weeks. The company has detailed the contents of this patch as part of its monthly security maintenance release process. The update includes patches from Google for Android in addition to patches from Samsung for its custom software. The December 2018 security patch has fixes for six critical vulnerabilities discovered in the Android operating system. The most severe, in the framework section, could enable a malicious app to run unapproved code in the context of a privileged process. No moderate or low-risk vulnerabilities needed to be patched in this security maintenance release. The update does bring patches for 40 Samsung Vulnerabilities and Exposures (SVE) items. These include a vulnerability in the Secure Folder app that could have allowed access without authentication, and another in the same app that could have exposed the Gallery app without authentication. Samsung will now get down to the business of rolling out the December 2018 security patch to supported devices. We should expect some handsets to start receiving it within the next few days; the company may start with high-end devices first.
Oracle has released a wide-ranging security update to address more than 300 CVE-listed vulnerabilities in its various enterprise products. The October release covers the gamut of Oracle's offerings, including its flagship Database, E-Business Suite, and Fusion Middleware packages. For Database, the update addresses a total of three flaws. Two of the vulnerabilities (CVE-2018-3259 and CVE-2018-3299) can be remotely exploited without authentication, while the third, CVE-2018-7489, requires the attacker to have a Rapid Home Provisioning account and is considered by far the least severe of the three. Oracle noted that all three bugs only impact the server versions of Database; user clients are not considered to be vulnerable. For Fusion Middleware, the update includes a total of 56 CVE-listed flaws, including 12 that are remotely exploitable with CVSS base scores of 9.8, meaning an exploit would be fairly easy to pull off and offer near-total control of the target machine. Of those 12, five are critical flaws in WebLogic Server. Java SE gets 12 security fixes, all but one for remotely exploitable vulnerabilities in that platform. Oracle notes that though the CVSS scores for the flaws are fairly high, Solaris and Linux machines running the software with lower user privileges are considered to be at lower risk than Windows environments, which typically run it with admin privileges. MySQL was the target of 38 CVE-listed bug fixes this month, though just three of those are remotely exploitable.
The two most serious, CVE-2018-11776 and CVE-2018-8014, concern remote code execution flaws in MySQL Enterprise Monitor. PeopleSoft sees 24 bug fixes, 21 of which can be remotely targeted and seven that would not require any user interaction. Just one of the 24 flaws was given a CVSS base score higher than 7.2 in the Oracle listing. Sun products were the subject of 19 security fixes, including two remote code execution flaws in XCP Firmware.
libssh bug more like "oh SSH…"
Once admins get the Oracle patches in place, they will want to take a close look at the write-up for CVE-2018-10933, an authentication bypass in libssh that allows an attacker to get into a target machine by sending an SSH2_MSG_USERAUTH_SUCCESS message when the server expects an SSH2_MSG_USERAUTH_REQUEST. The library accepts the message, which is only ever supposed to travel from server to client, as proof that authentication has completed, so any miscreant can log in without a password or other credential. As you can imagine, this is a very bad thing. Fortunately, the bug does not affect OpenSSH, and thus does not affect the hugely widespread sshd and ssh tools, but rather applications, such as KDE and XBMC, that use libssh as a dependency, and only where libssh is used to accept incoming connections (server mode); clients built on libssh are not exposed to this bypass.
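The bug class behind CVE-2018-10933 is a message handler keyed on message type alone, with no check that the peer is allowed to send that type in the current role and state. The following added example models that pattern in a few dozen lines; it is not libssh's code and simplifies the real state machine heavily (passwords are compared directly, message framing is omitted, and the class and function names are this example's own). The message numbers are the ones RFC 4252 assigns.

```python
# Message numbers from RFC 4252 (SSH authentication protocol).
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52

# During userauth a server should only ever receive USERAUTH_REQUEST from the client;
# FAILURE and SUCCESS travel the other way.
CLIENT_TO_SERVER = frozenset({SSH_MSG_USERAUTH_REQUEST})


class ProtocolError(Exception):
    pass


class VulnerableServerAuth:
    """Model of the bug class: the handler is keyed on message type alone, so a
    USERAUTH_SUCCESS arriving *from the client* is processed as if the server had
    just granted access."""

    def __init__(self, expected_password):
        self.expected_password = expected_password  # constructed; a real server checks a hash
        self.authenticated = False

    def handle(self, msg_type, payload=None):
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            if payload and payload.get("password") == self.expected_password:
                self.authenticated = True
                return SSH_MSG_USERAUTH_SUCCESS
            return SSH_MSG_USERAUTH_FAILURE
        if msg_type == SSH_MSG_USERAUTH_SUCCESS:
            self.authenticated = True   # the bug: no check that the message direction is valid
            return None
        return SSH_MSG_USERAUTH_FAILURE


class HardenedServerAuth(VulnerableServerAuth):
    """Same handler, but the message is first checked against the set of types the
    current role and state may legitimately receive."""

    def handle(self, msg_type, payload=None):
        if self.authenticated:
            raise ProtocolError("userauth message after authentication completed")
        if msg_type not in CLIENT_TO_SERVER:
            raise ProtocolError("server received message type %d during userauth" % msg_type)
        return super().handle(msg_type, payload)


def attempt_bypass(server_cls):
    """Send the message the client should never send; report whether it logged in."""
    server = server_cls("correct horse battery staple")
    try:
        server.handle(SSH_MSG_USERAUTH_SUCCESS)
    except ProtocolError:
        return False
    return server.authenticated


if __name__ == "__main__":
    print("vulnerable model bypassed:", attempt_bypass(VulnerableServerAuth))   # True
    print("hardened model bypassed:", attempt_bypass(HardenedServerAuth))       # False
```

The hardened variant shows the general rule for any protocol state machine: dispatch on (role, state, message type), and treat a message outside the allowed set as a protocol error that terminates the session rather than something to be handled by whichever callback happens to be registered for that type.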
After scrambling to patch a critical vulnerability late last month, Drupal is at it again. The open source content management project has issued an unscheduled security update to augment its previous patch for Drupalgeddon2. There was also a cross-site scripting bug advisory in mid-April. The latest Drupal core vulnerability, designated SA-CORE-2018-004 and assigned CVE-2018-7602, is related to the March SA-CORE-2018-002 flaw (CVE-2018-7600), according to the Drupal security team. It can be exploited to take over a website's server, allowing miscreants to steal information or alter pages. "It is a remote code execution vulnerability," explained a member of the Drupal security team in an email to The Register. "No more technical details beyond that are available." The vulnerability affects at least Drupal 7.x and Drupal 8.x, and a similar issue has been found in the Drupal Media module. In a blog post from earlier this month about the March patch, Dries Buytaert, founder of the Drupal project, observed that all software has security issues and that critical security bugs are rare. While the March bug is being actively exploited, the Drupal security team says it's unaware of any exploitation of the latest vulnerability. But it won't be long: those maintaining the project observed automated attacks appearing about two weeks after the SA-CORE-2018-002 notice. The fix is to upgrade to the most recent version of Drupal 7 or 8 core. The latest code can be found at Drupal's website.
For those running 7.x, that means upgrading to Drupal 7.59. For those running 8.5.x, the latest version is 8.5.3. And for those still on 8.4.x, there's an upgrade to 8.4.8, despite the fact that as an unsupported minor release, the 8.4.x line would not normally get security updates. And finally, if you're still on Drupal 6, which is no longer officially supported, unofficial patches are being developed by the community. Drupal users appear to be taking the release in stride, though with a bit of grumbling. "Drupal Wednesday looks like the new Windows patch day," quipped designer Tom Binroth via Twitter. "I would rather spend my time on creating new stuff than patching Drupal core sites."
A broad array of Android phones are vulnerable to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover, a researcher has demonstrated. The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday's release of iOS 10.3.1. "An attacker within range may be able to execute arbitrary code on the Wi-Fi chip," Apple's accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated Nexus 6P "by Wi-Fi proximity alone, requiring no user interaction." Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to arrive as an over-the-air update for those who are eligible. Company representatives didn't respond to an e-mail seeking comment for this post. The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom's wireless system-on-chip to overflow its stack.
By using the frames to target timers responsible for carrying out regularly occurring events such as scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini's code does nothing more than write a benign value to a specific memory address; attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point. Besides the specific stack overflow bugs exploited by the proof-of-concept attack, Beniamini said a lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target. "We've seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security," he wrote. "Specifically, it lacks all basic exploit mitigations, including stack cookies, safe unlinking and access permission protection (by means of [a memory protection unit])." The Broadcom chipset contains an MPU, but the researcher found that it's configured in a way that effectively makes all memory readable, writable, and executable. "We can conveniently execute our code directly from the heap." He said that Broadcom has informed him that newer versions of the chipset implement the MPU more effectively and also add unspecified additional security mechanisms. Given the severity of the vulnerability, people with affected devices should install a patch as soon as it's available. For those with vulnerable iPhones, that's easy enough. As is all too often the case for Android users, there's no easy way to get a fix immediately, if at all.
That's because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it. At the moment, it's not clear whether there are effective workarounds for vulnerable devices. Turning off Wi-Fi is one possibility, but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones, devices often still send Wi-Fi frames even when Wi-Fi is turned off.
RawPOS continues to evolve, and has recently been equipped with the capability to steal data contained in the two-dimensional barcode on victims' driver's licenses. "Although the use of this barcode is less common than credit card swipes, it is not unheard of. Some people might experience getting their driver's license barcode scanned in places like pharmacies, retail shops, bars, casinos and other establishments that require it," Trend Micro researchers explained. "Traditionally, PoS threats look for credit card mag stripe data and use other components such as keyloggers and backdoors to get other valuable information. RawPOS attempts to gather both in one go, cleverly modifying the regex string to capture the needed data." This particular variant is geared towards collecting data from driver's licenses issued in the US. Thus, along with payment card data, criminals also get information such as the victims' full name, date of birth, full address, gender, height, hair and eye color. This additional information could help criminals impersonate the card holder in many identity theft scenarios, as well as when carrying out fraudulent card-not-present transactions. RawPOS is one of the oldest known point-of-sale RAM scraper malware families; its first incarnation was spotted all the way back in 2009. According to the researchers, it is mainly used by threat actors that focus on targeting businesses in the hospitality industry.
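A RAM scraper and a data-loss-prevention rule look for the same two things in process memory: magnetic-stripe track data (ISO/IEC 7813 track 1 and track 2) and, for this variant, the AAMVA-encoded fields in a US license's PDF417 barcode. The following is an added example written for the defensive side, not RawPOS's regex or any Trend Micro code: it scans a constructed memory blob for both formats, drops digit runs that fail the Luhn check, and decodes the AAMVA element IDs that carry the name, date of birth, address, sex, height and eye and hair colour the article lists. The sample payload uses a well-known test PAN and a simplified AAMVA layout (real payloads carry a subfile header before the first element).

```python
import re

# Track 2 (ISO/IEC 7813): ;PAN=YYMM SSS discretionary?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")
# Track 1: %B PAN ^ NAME ^ YYMM SSS discretionary?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^\^]{2,26})\^(\d{2})(\d{2})(\d{3})([^?]*)\?")

# AAMVA PDF417 data element IDs (subset) used in US driver's-license barcodes.
AAMVA_FIELDS = {
    b"DAQ": "license_number", b"DCS": "family_name", b"DAC": "first_name",
    b"DBB": "date_of_birth", b"DAG": "street", b"DAI": "city", b"DAJ": "state",
    b"DAK": "postal_code", b"DBC": "sex", b"DAU": "height",
    b"DAY": "eye_color", b"DAZ": "hair_color",
}
AAMVA_ELEMENT = re.compile(rb"(?m)^(D[A-Z]{2})([^\r\n]*)$")


def luhn_ok(pan):
    """Mod-10 check used by scrapers and DLP rules alike to drop random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_cards(blob):
    """Return track 1 / track 2 hits whose PAN passes Luhn."""
    hits = []
    for m in TRACK2.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 2, "pan": pan,
                         "expiry": m.group(2).decode() + "/" + m.group(3).decode()})
    for m in TRACK1.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 1, "pan": pan, "name": m.group(2).decode().strip()})
    return hits


def scan_licenses(blob):
    """Return decoded AAMVA records; the 'ANSI ' marker starts every barcode payload."""
    records = []
    for chunk in blob.split(b"ANSI ")[1:]:
        fields = {AAMVA_FIELDS[k]: v.decode(errors="replace").strip()
                  for k, v in AAMVA_ELEMENT.findall(chunk) if k in AAMVA_FIELDS}
        if "license_number" in fields and "date_of_birth" in fields:
            records.append(fields)
    return records


# Constructed sample of process memory: a test PAN (4111...), one digit run that fails
# Luhn, and a simplified AAMVA payload (real ones carry a subfile header before DAQ).
SAMPLE_MEMORY = (
    b"\x00\x00POS terminal 07 ready\x00"
    b"%B4111111111111111^DOE/JANE^25121010000000000?"
    b";4111111111111111=25121010000012345678?"
    b"\x00log: ;1234567890123=2512101?\x00"
    b"@\n\x1e\rANSI 636014040002DL00410278\n"
    b"DAQD1234567\nDCSDOE\nDACJANE\nDBB01011990\nDAG123 MAIN ST\n"
    b"DAIANYTOWN\nDAJVA\nDAK123450000\nDBC2\nDAU070 in\nDAYBRO\nDAZBLK\n"
)

if __name__ == "__main__":
    for hit in scan_cards(SAMPLE_MEMORY):
        print("card:", hit)
    for rec in scan_licenses(SAMPLE_MEMORY):
        print("license:", rec)
```

Pointed at a memory dump of a PoS process, the same two scanners tell you what a scraper with equivalent patterns would have been able to harvest; the Luhn filter matters because raw `\d{13,19}` patterns fire constantly on timestamps, serial numbers and transaction IDs.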
I recently had a client get an interesting phishing message. They had received a fake message from their CEO to their Controller, a "start the conversation" email intended to end up with a wire transfer. This sort of email is not common, but it is frequent enough in senior management circles, especially if you are in the middle of merger or acquisition discussions with another company. Some technical warning signs in that note were: So the discussion quickly moved from "I'm glad our execs came to us, we really dodged a bullet there" to "just how did this get in the door past our spam filter anyway?" Their spam filter does use the SPF (Sender Policy Framework) DNS TXT record, and a quick check of the SPF indicated that things looked in order there. However, on a second look, the problem jumped right out. A properly formed SPF record ends with "-all", which essentially means "the mail senders listed in this SPF record are valid for this domain, and no others". Their record had a typo: it ended in "~all" instead. What the tilde qualifier meant to this spam filter was "the mail senders in this SPF record are valid for this domain, but YOLO, so is any other mail sender". Per the RFC (RFC 7208), the ~ qualifier means "softfail": "A "softfail" result is a weak statement by the publishing ADMD that the host is probably not authorized". More detail appears later in the RFC: "A "softfail" result ought to be treated as somewhere between "fail" and "neutral"/"none". The ADMD believes the host is not authorized but is not willing to make a strong policy statement. Receiving software SHOULD NOT reject the message based solely on this result, but MAY subject the message to closer scrutiny than normal." The same distinction applies wherever the ~ and - qualifiers appear in a record, and the ~all versus -all choice is the one I see most often.
You'd think that a lot has changed since 2006 (the date of the original SPF spec, RFC 4408), and that in 2017 a spam filter should fail on that result, but apparently not (sad panda). It makes you wonder what the actual use case is for the tilde qualifier in the definition; I can't think of a good reason to list permitted mail senders and then allow any and every other server too. In practice ~all is what domain owners publish while they are still verifying that their sender list is complete and don't want a mistake to bounce legitimate mail; the problem is that many never move on to -all. That being said, their filter should still have caught the mismatch between the "From" and "Reply-To" fields, especially since it involved an external source and internal domains, or at least paired that up with the domain mismatch to weight this email towards a spam decision. Long story short: this type of attack was pretty popular (and widely reported) about a year ago, but successful methods never (never ever) go away. A little research can make for a really well-formed phish, right down to using the right people in the conversation, good grammar, and phrasing appropriate to the people involved. So a bit of homework can get an attacker a really nice payday, especially if their campaign targets a few hundred companies at a time (and they put more work into their email than the example above). In this case, a typo in a DNS record could have cost millions of dollars. Good security training for the end users and vigilant people made all the difference: a phone call to confirm is a must-do step before doing something irrevocable like a wire transfer.
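To make the ~all versus -all difference concrete, here is an added example (not part of the original post, and not the client's filter or any real SPF library) that evaluates a sender IP against an SPF record, lints the terminal qualifier, and applies the From/Reply-To domain check the post says the filter should also have made. Only ip4, ip6 and all mechanisms are evaluated; a, mx, include and exists need DNS lookups and are treated as no-match in this offline model, which is an assumption to keep it runnable. The records and the phishing message are constructed samples using reserved example domains and documentation IP ranges.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split a v=spf1 TXT record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        if "=" in term:          # modifiers such as redirect= / exp=: ignored in this model
            continue
        qualifier = "+"          # RFC 7208: a mechanism with no qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if "/" in mech:          # a/24 or mx/24 forms: keep the mechanism name only
            mech = mech.split("/")[0]
        parsed.append((qualifier, mech.lower(), arg))
    return parsed


def evaluate_spf(record, sender_ip):
    """SPF result for sender_ip; DNS-based mechanisms are treated as no-match (assumption)."""
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mech, arg in parse_spf(record):
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                if ip in ipaddress.ip_network(arg, strict=False):
                    return QUALIFIERS[qualifier]
            except ValueError:
                continue
    return "neutral"             # no mechanism matched and no terminal all


def lint_spf(record):
    """Flag the weak terminal qualifiers the post describes."""
    terms = parse_spf(record)
    if not terms or terms[-1][1] != "all":
        return "weak: no terminal all, unlisted senders evaluate to neutral"
    q = terms[-1][0]
    if q == "-":
        return "ok: -all, unlisted senders fail"
    if q == "~":
        return "weak: ~all is softfail, receivers SHOULD NOT reject on it alone"
    return "weak: %sall does not reject unlisted senders" % q


def _domain(header_value):
    if not header_value:
        return None
    addr = parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower() or None


def reply_to_mismatch(raw_message):
    """True when Reply-To points at a different domain than From (the BEC tell)."""
    msg = message_from_string(raw_message)
    reply_domain = _domain(msg.get("Reply-To"))
    return reply_domain is not None and reply_domain != _domain(msg.get("From"))


# Constructed samples: the record as the client had it, and as it should be.
WEAK_RECORD = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all"
FIXED_RECORD = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"

# Constructed sample of the CEO-to-Controller phish: From shows the internal domain,
# Reply-To is the attacker's.
SAMPLE_PHISH = """From: "CEO" <ceo@example.com>
Reply-To: "CEO" <ceo@example.net>
To: controller@example.com
Subject: Quick favour

Are you at your desk? I need a wire handled quietly today.
"""

if __name__ == "__main__":
    for rec in (WEAK_RECORD, FIXED_RECORD):
        print(lint_spf(rec), "| outsider 203.0.113.5 ->", evaluate_spf(rec, "203.0.113.5"))
    print("reply-to mismatch:", reply_to_mismatch(SAMPLE_PHISH))
```

The point of running both checks together is that neither alone would have stopped this message: softfail gives the filter permission to deliver, and only the Reply-To mismatch supplies the evidence needed to tip it into a spam verdict.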
Spiral Toys, the parent company behind CloudPets, yesterday sent the California Attorney General a breach notification that on many fronts contradicts what experts have said about a database breach that exposed user data and private voice messages, many of which were made by children. The notification says that the company was not aware of a breach until Feb 22, when it received an inquiry from a Motherboard reporter who had been informed by researchers Troy Hunt and Victor Gevers of a serious issue involving the toymaker's customer data. This runs contrary to timelines provided by Hunt and Gevers showing both reached out to a number of Spiral Toys contacts, including its Zendesk ticketing system, around Dec 30. The data was copied and deleted from an exposed MongoDB instance found online. It's unknown how many times the database was accessed before its contents were deleted and a ransom note left behind, symptomatic of other attacks against poorly protected MongoDB databases. The recordings were not stored in the database, but the database did contain references to file paths to the messages, which were stored in an Amazon Web Services S3 storage bucket. The database, Spiral Toys said in its notification, included emails and encrypted passwords, which Hunt counters were not encrypted but hashed with bcrypt. Combined with a nonexistent password strength rule on Spiral Toys' part, the hashed passwords could easily be cracked, Hunt said. The company meanwhile said it would notify 500,000 affected users, force a password reset, and implement new password strength requirements. Hunt and Gevers said there were actually more than 800,000 registered users exposed in the breach. "The breach has been addressed and from our best knowledge no images or messages were leaked onto the internet," Spiral Toys said.
"A hacker could get to that data if they started 'guessing' simple passwords." Which is exactly what a hacker would do, Hunt said. "This is what hash cracking is and it's a highly automated process that's particularly effective against databases that had no password rules," Hunt said. Hunt points out that simple passwords such as qwe, a sample password shown during a CloudPets setup video, combined with the stolen email addresses pose a serious privacy risk. CloudPets are teddy bears that can send and receive messages using Bluetooth Low Energy connectivity to a mobile app, which sends the messages. The most typical use case is a child remotely sending a message to a parent or authorized adult through the bear. "If this product was secure, it would have been a nice contribution to the IoT/gadget/toy market," Gevers said. "The best thing is that they learn from this and start making a new secure product line."
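Two of the breaches on this page turn on the same mechanism: the Dueling Network dump, where MD5 lets an attacker test guesses at enormous speed, and the CloudPets dump, where bcrypt slows each guess down but a password like "qwe" with no strength rule behind it falls anyway. The following added example demonstrates both with one dictionary-attack loop; it is not code from either story or from Troy Hunt. bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256 from hashlib stands in for it as the slow, salted hash (an assumption of this example; the cost asymmetry it shows is the same). The wordlist, salt and "leaked" hashes are constructed.

```python
import hashlib
import hmac
import time

# Constructed mini wordlist; a real attack uses tens of millions of leaked passwords.
WORDLIST = ["123456", "password", "qwe", "yugioh", "letmein", "dragon", "cloudpets"]


def md5_hex(password):
    """Unsalted MD5 as used by Dueling Network: one fast hash per guess, and identical
    passwords hash identically, so one crack covers every user who chose it."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hex(password, salt, iterations):
    """Stand-in for bcrypt: PBKDF2-HMAC-SHA256 from the standard library (assumption
    of this example so it runs without third-party modules)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def crack(target, hash_fn, wordlist=WORDLIST):
    """Generic dictionary attack: hash each candidate the same way and compare."""
    for candidate in wordlist:
        if hmac.compare_digest(hash_fn(candidate), target):
            return candidate
    return None


def crack_md5(target_hex, wordlist=WORDLIST):
    return crack(target_hex, md5_hex, wordlist)


def crack_slow(target_hex, salt, iterations, wordlist=WORDLIST):
    return crack(target_hex, lambda p: slow_hex(p, salt, iterations), wordlist)


def password_acceptable(password, min_length=12, wordlist=WORDLIST):
    """The rule CloudPets lacked: reject short passwords and anything on a leak list.
    A slow hash only buys time; this is what keeps 'qwe' out of the database."""
    return len(password) >= min_length and password.lower() not in wordlist


def guesses_per_second(hash_fn, seconds=0.2):
    """Rough throughput of one hash function on this machine."""
    n, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hash_fn("candidate%d" % n)
        n += 1
    return n / (time.perf_counter() - start)


if __name__ == "__main__":
    salt = b"per-user-random-salt"       # constructed; real salts are random per user
    iterations = 100_000
    leaked_md5 = md5_hex("yugioh")
    leaked_slow = slow_hex("qwe", salt, iterations)
    print("MD5 recovered:", crack_md5(leaked_md5))
    print("slow hash recovered anyway (weak password):", crack_slow(leaked_slow, salt, iterations))
    print("MD5 guesses/s on this host: %.0f" % guesses_per_second(md5_hex))
    print("PBKDF2 guesses/s on this host: %.0f" % guesses_per_second(lambda p: slow_hex(p, salt, iterations)))
    print("policy accepts 'qwe':", password_acceptable("qwe"))
```

The throughput numbers printed by the last two lines are the whole argument for bcrypt-class hashing: a factor of tens of thousands per guess on a CPU, and far more on GPU rigs tuned for MD5. The `crack_slow` result is the counter-argument Hunt makes: the slow hash does not save a password that appears on the first page of every wordlist.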