NPower suffers small data leak | Inside Security - September 13th, 2018

Inside Security (Sep 13th, 2018)

Cobint / Veeam and NPower data leaks / Trend Micro’s bad Mac apps



Today’s premium story is about a new cryptocurrency ploy to spoof a legit website. Sadly, it is just one in a long list of other exploits.

If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters without any ads. Click on this link here to upgrade your account.  -- David Strom


1. There is a new malware downloader called CobInt, which is associated with the Cobalt Gang. Researchers have identified its characteristics; a notable one is its use of multiple stages, which makes it very potent. -- PROOFPOINT BLOG


2. Ironically, the backup and data recovery vendor Veeam has accidentally exposed its marketing database of millions of records to the public. Only after repeated attempts by one researcher was the data finally secured. -- DIACHENKO BLOG @ LINKEDIN




3. If you are in the market for a used Alexa, reconsider your purchase. Some of them are being sold with deliberate malware that can record network traffic and audio. Purchase with care. -- VPNMENTOR


4. The British electric utility NPower has inadvertently emailed about 5,000 customers' data to the wrong customers. Apparently their third-party fulfillment vendor was to blame. -- COMPUTING (UK)


5. While Apple was gearing up for its major announcement, it was also eliminating a new collection of badly behaving apps from Trend Micro. The macOS apps were stealing users’ data without their consent. Trend admitted its mistake, although it took three different posts to get it right. -- TREND MICRO BLOG


6. Researchers have uncovered a pair of vulnerabilities in the ProtonVPN and NordVPN VPN clients. The pair can enable privilege escalation attacks. Both vendors have issued patches. -- CISCO TALOS

7. If you want to steal a Tesla Model S, all it takes is some electronics to clone its key fob. This is according to a team of academic Belgian researchers. Blame it on the car’s weak encryption methods. The team received a $10k bounty and the issue has been fixed. -- WIRED

8. If you get an email saying your WordPress blog database needs an update, chances are good it is a phishing attack. -- SUCURI BLOG

9. A new open source method to create secure trusted hardware enclaves has been invented. Called Keystone, it is still in very early developmental stages. -- KEYSTONE WEBSITE

10. This post dissects how a family of Android malware can intercept SMS MFA authentications. It is well worth reviewing to understand how clever malware authors can be. -- SECURITY BLVD.


Researchers have found yet another new cryptocurrency exploit, this time spoofing the Jaxx Liberty Wallets. It is a versatile wallet that has been downloaded more than a million times. This is just the latest in crypto exploits. I wrote an article for IBM’s Security Intelligence blog at the beginning of the year that reviews some of the older exploits in this fast-moving world.

My article categorizes these exploits into DDoS attacks, wallet thefts, mining-based malware and website hacks. All of them have become more numerous, particularly when the price of crypto coins rises.


That is pretty depressing when you think about it. -- LESLEY CARHART @ TWITTER


This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).


Copyright © Inside.com, All rights reserved.
