January 12, IDG News Service – (International) Mozilla Persona login system to shut down in November. Mozilla reported that its login system, Persona (persona.org) and related domains will be shut down November 30 due to limited resources and low customer usage within the last two years. The company will continue to maintain the system including providing security fixes and support, but will not introduce new features or produce major enhancements. Source
January 12, SecurityWeek – (International) Google researcher finds RCE flaws in Trend Micro product. Trend Micro released updates for its Password Manager product addressing a remote code execution (RCE) flaw, security feature flaws, and several application program interface (API) flaws, among others, that exposed nearly 70 APIs to the Internet, which could have enabled an attacker to steal user passwords without the consent or knowledge of the user. Source
January 11, Softpedia – (International) WhatsApp users targeted by sneaky spam campaign. Researchers from Comodo discovered that the Nivdort malware has been using WhatsApp users to steal information about a victim’s computer and send the collected information to a command-and-control server (C&C) where hackers can send additional malware, including banking trojans, complex spyware, or point-of-sale (PoS) malware via spam email campaigns that contain malicious file attachments disguised as WhatsApp messages, images, audio, or video files. Source
January 11, Softpedia – (International) US DHS just spent $1.7 million to develop better DDoS protection tech. DHS awarded a $1.7 million contract to Galois, a U.S. Research and Development company to help develop a new technology dubbed, DDoS Defense for Community of Peers (3DCoP) that will mitigate and stop denial-of-service (DDoS) attacks by detecting, tracking, and preventing ongoing attacks via a unique traffic flow monitoring capability that will find patterns of interest. Source
January 11, Softpedia – (International) Smartwatches can be used to spy on your card’s PIN code. A software engineer released a report titled, Deep-Spying: Spying using Smartwatch and Deep Learning that introduces a new theoretical attack that can allow attackers to extract sensitive information including credit card information or phone access personal information number (PIN) codes by interpreting data from a smartphone’s motion sensor and making an analogy to each PIN pad’s keystrokes. Source
January 12, Softpedia – (International) eBay bug allows hackers to steal user passwords. eBay released patches for a cross-site scripting (XSS) vulnerability found on its official website after a researcher named MLT discovered the flaw allowed attackers to steal users’ credentials and abuse the stolen information by creating an authentic-looking eBay login page using an PHP script that allowed the submitted information to be sent to an attacker’s server instead of eBay’s server. Source
January 11, Softpedia – (Minnesota) DDoS attack on Minnesota court system takes website offline for ten days. The Minnesota court system announced January 11 that its official website was down for 10 days in December 2015 due to a series of distributed denial-of-service (DDoS) attacks on its servers. The Judicial Branch reported that no data breach occurred during the DDoS attacks and that the court’s security systems were updated and enhanced. Source