Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On July 19, 2016

July 18, Help Net Security – (International) Ubuntu Forums hacked again, 2 million users exposed. Canonical’s chief executive officer (CEO) reported that an attacker exploited a Structured Query Language (SQL) injection flaw in its Ubuntu Forums to access and download part of the Forums database, containing usernames, email addresses, and internet protocol (IP) addresses for 2 million users. Canonical shut down the database, reset all users’ passwords, and installed a Web application firewall after being notified that an individual was claiming to have a copy of the Forums database. Source

July 17, Softpedia – (International) Researcher finds way to steal money from Instagram, Google, and Microsoft. An independent Belgian security researcher discovered a flaw in the voice-based two-factor authentication (2FA) token distribution systems of Facebook, Google, and Microsoft. An attacker who has created premium phone services and linked them to fake Instagram, Google, and Microsoft Office 365 accounts could use automated scripts to request 2FA tokens for all accounts, causing legitimate phone calls to be placed to the attacker’s premium phone service and thereby earning a substantial profit. Source

July 15, IDG News Service – (International) Cisco patches serious flaws in router and conferencing server software. Cisco Systems released patches addressing several vulnerabilities in its Cisco internetwork operating system (IOS), IOS XR, ASR 5000, WebEx Meetings Server, and Cisco Meeting Server, including a high severity denial-of-service flaw and an arbitrary code execution issue in its Cisco IOS XR software, two cross-site scripting (XSS) vulnerabilities in the WebEx Meetings Server version 2.6, and an insecure Simple Network Management Protocol (SNMP) implementation flaw in the ASR 5000 Series platform, among other vulnerabilities. Source

July 15, SecurityWeek – (International) Locky ransomware gets offline encryption capabilities. Security researchers from Avira discovered an update to the Locky ransomware that allows the ransomware to enter an offline encryption mode when it cannot connect to the command and control (C&C) server. The development mimics the Bart ransomware, in that it ensures that the ransomware can carry out malicious actions even when its Internet connectivity is blocked, making detection more difficult. Source

July 17, Softpedia – (International) Pokemon GO servers suffer DDoS attack at the hands of PoodleCorp. The popular gaming app, Pokemon GO, went offline for several hours July 16 due to a distributed denial-of-service (DDoS) attack carried out by hacker group PoodleCorp. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.