Comments on: Cyber Security News April 2019

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 May 2019 11:52:13 +0000

Exploits in the Wild for WordPress Social Warfare Plugin CVE-2019-9978
https://unit42.paloaltonetworks.com/exploits-in-the-wild-for-wordpress-social-warfare-plugin-cve-2019-9978/

On 21 March, researchers disclosed two vulnerabilities in Social Warfare, a very popular plugin in WordPress which adds social share buttons to a website or blog. One vulnerability is a Stored Cross-site Scripting Attack (XSS) vulnerability and the other is a remote code execution (RCE) vulnerability, both are tracked by CVE-2019-9978. Both vulnerabilities are present in versions 3.5.0-3.5.2 of Social Warfare: a fix was released on 21 March and is in version 3.5.3. Approximately 60,000 active installations were found at the time of writing

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 May 2019 11:47:06 +0000

Oops. 228K Danish Passports Have Swapped Fingerprint Data
https://www.bleepingcomputer.com/news/security/oops-228k-danish-passports-have-swapped-fingerprint-data/

In a big oops, over 200,000 Danish passports were printed with the users’ fingerprints mistakenly swapped between the left and right hand.

Since October 2011, all new Danish passports contain chips that store biometric data such as the owner’s digital photo, fingerprints, and signatures.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 May 2019 11:46:39 +0000

Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat
https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 May 2019 11:45:18 +0000

Hackers Steal and Ransom Financial Data Related to Some of the World’s Largest Companies
https://motherboard.vice.com/en_us/article/d3np4y/hackers-steal-ransom-citycomp-airbus-volkswagen-oracle-valuable-companies

The data was stolen from Citycomp, which provides internet infrastructure for dozens of companies including Oracle, Airbus, Toshiba, and Volkswagen.

By: Tomi Engdahl

Tomi Engdahl — Thu, 02 May 2019 09:41:59 +0000

Oh dear. Secret Huawei enterprise router snoop ‘backdoor’ was Telnet service, sighs Vodafone
We all want to see hard proof of deliberate espionage. This is absolutely not it
https://www.theregister.co.uk/2019/04/30/huawei_enterprise_router_backdoor_is_telnet/

By: Tomi Engdahl

Tomi Engdahl — Wed, 01 May 2019 14:48:15 +0000

‘One Ring’ Wireless Phone Scam
https://www.fcc.gov/consumers/guides/one-ring-wireless-phone-scam

If your phone rings once and then stops, think twice before returning the call. It may be a scam

Why Phone Fraud Starts With A Silent Call
https://www.npr.org/sections/alltechconsidered/2015/08/24/434313813/why-phone-fraud-starts-with-a-silent-call?t=1556689827658

By: Tomi Engdahl

Tomi Engdahl — Wed, 01 May 2019 14:43:20 +0000

Editors’ picks for 2018: ‘The African Union headquarters hack and Australia’s 5G network
https://www.aspistrategist.org.au/editors-picks-for-2018-the-african-union-headquarters-hack-and-australias-5g-network/

By: Tomi Engdahl

Tomi Engdahl — Wed, 01 May 2019 14:28:34 +0000

Backdoors in Huawei Equipment Discovered by Vodafone Italy in 2009
https://gizmodo.com/backdoors-in-huawei-equipment-discovered-by-vodaphone-i-1834408368?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow

Vodafone Italy discovered backdoors in its Huawei home internet routers and software between 2009 and 2011 according to a new report from Bloomberg News. The backdoors have reportedly been fixed, but the revelations are still bad news for Huawei as the Chinese tech giant tries to secure contracts to build 5G infrastructure around the world.

By: Tomi Engdahl

Tomi Engdahl — Tue, 30 Apr 2019 12:00:42 +0000

GDPR Conformance Does Not Excuse Companies from Vicarious Liability
https://www.securityweek.com/gdpr-conformance-does-not-excuse-companies-vicarious-liability

The UK supermarket chain Morrisons’ legal battle with 5,500 of its own employees over vicarious liability introduces a new threat element to the already complex and confusing demands of the EU’s General Data Protection Regulation (GDPR).

By: Tomi Engdahl

Tomi Engdahl — Tue, 30 Apr 2019 12:00:21 +0000

Facebook to Fund Research on Social Media Impact on Elections
https://www.securityweek.com/facebook-fund-research-social-media-impact-elections

Facebook announced Monday its first research grants to academics studying the impact of social media on elections, part of an effort to prevent manipulation of social platforms.

The leading social network said some 60 researchers from 30 academic institutions across 11 countries were selected under a review process by the Social Science Research Council and the independent group Social Science One.