Security Affairs newsletter Round 164 – News of the week

Security Affairs newsletter Round 164 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Let me inform you that my new book, “Digging in the Deep Web” is online

Kindle Edition

Paper Copy

Digging The Deep Web

Once again thank you!

·      Experts propose a new variation of the Spectre attack to recover data from System Management Mode
·      Misconfigured CalAmp server allowed hacker to take over a lot of vehicles
·      Google awarded a young expert a total of $36,337 for an RCE in the Google App Engine
·      Hacked Drupal sites involved in mining campaigns, RATs distributions, scams
·      Internet Systems Consortium rolled out security updates to address 2 flaws in BIND DNS Software
·      Judges convict crook of operating Scan4You Counter Antivirus Service
·      Roaming Mantis gang evolves and broadens its operations
·      North Korea-linked Sun Team APT group targets deflectors with Android Malware
·      Tech giants are all working on new Spectre and Meltdown attacks, so-called variant 3 and variant 4
·      The ZipperDown Vulnerability could affect roughly 10% of iOS Apps
·      TheMoon botnet is now leveraging a zero-day to target GPON routers
·      Chinese researchers from Tencent discovered exploitable flaws in several BMW models
·      Experts warn: it is too easy to steal WiFi access key from TalkTalk ‘s Super Routers
·      Huge Russia-Linked botnet VPNFilter ready to launch a massive attack on Ukraine
·      Turla APT group leverages for the first time the Metasploit framework for the Mosquito campaign
·      Bitcoin Gold hit by double-spend attack, exchanges lose over $18 million
·      Justice Department announces actions to disrupt the VPNFilter botnet
·      Kaspersky discovered a backdoor account and other issues in D-Link DIR-620 Routers
·      Many users reported in the past few weeks their Macs have been infected with a new Monero Miner
·      Xenotime, Threat actors Behind Triton Malware broadens its activities
·      Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006 fix)
·      More than 100 Million IoT devices potentially exposed to Z-Shave Z-Wave attack
·      Russian speaking hacker arrested for stealing $8,000 per day leveraging mobile malware
·      CVE-2018-7783 flaw in Schneider SoMachine Basic can be exploited to read arbitrary files on the targeted system
·      Experts show how to defeat AMDs Secure Encrypted Virtualization
·      Pre-installed malware found in 141 low-cost Android devices in over 90 countries

Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 164 – News of the week appeared first on Security Affairs.


via Security Affairs

May 27, 2018 at 10:34AM