November 9, Securityweek – (International) User data compromised in Touchnote breach. UK-based postcard-sending service, Touchnote revealed that its systems were compromised in an attack that stole customers’ personal information including names, email addresses, postal addresses, and other histories that may be used to trick victims into supplying attackers with more sensitive information. The company has notified impacted customers and an investigation is ongoing to find the attackers. Source
November 9, IDG News Service – (International) No surprise here: Adobe’s Flash is a hacker’s favorite target. Researchers from Recorded Future released a new study November 9 revealing that Adobe Systems’ Flash plugin was the highest targeted software program used by cybercriminals to install malware onto computers following research that revealed 8 of the 10 top vulnerabilities were seen targeting Adobe’s Flash plugin. Source
November 8, Softpedia – (International) Security flaws found in Google Chromecast, Home Security Systems, Smart Coffee Makers. Security researchers from Kaspersky discovered several vulnerabilities in Internet of Things devices (IoT) including a “rickrolling” vulnerability in Google Chromecast devices that enables attackers to hijack smart TV content, a vulnerability in a smart coffee maker device that exposes the user’s Wi-Fi password, allowing attackers to spy on homeowners by connecting to Internet protocol (IP) cameras used in Webcams and baby monitors, as well as infiltrate a home security system by using powerful magnets that allows attackers to gain access to homes without triggering the alarm. Source
November 6, Softpedia – (International) Ransomware found targeting Linux servers and coding repositories. Researcher from Russian-based antivirus maker Dr. Web discovered a new ransomware that targets Linux web servers and attacks web development environments used to host websites or code via a downloaded file containing the public RSA key used to store AES keys that add encrypt extension to each file, as well as a ransom text message where it encrypts data. The ransomware was detected as Linux.Encoder.1 and uses the PolarSSL library. Source