Cyber-Security-in-120-Secs-The-Awareness-of-AtomBombing-R1.png

 This week, the awareness of AtomBombing was heightened, when researchers discovered the technique integrated within a new version of Dridex banking malware; CloudFlare's data breach is said to be the most significant breach in 2017, thus far;  CloudPet's data breach affecting millions of children via another connected toy.  

Highlighting the cyber-security news from the past week in a 120 sec. read. Starting now.

 

 

Malware

AtomBombing a code injection technique has been found in V4 of Dridex banking malware.

Why is this significant?

 

  • In 2014/15, Dridex banking malware hit banks so hard, that it is estimated 20M pounds was stolen in the UK and 10M was stolen in the US.
  • Dridex has been recently found by IBM researchers currently hitting UK banks.  Previous versions of Dridex hit 20 countries and this version is expected to hit banks in the US.
  • This is the fourth attempt for Dridex writers have tweaked the original code in order to evade detection.  It seems as though the versions are short lived, as this is V4.

Read the full story in SecurityWeek

/**enSilo protects against Dridex v4. Read more about AtomBombing**/

Data Breaches

 

  1. Cloudflare’s data breach is said to be the most significant breach of 2017 so far.

Why is this significant?

  • Cloudflare is a hosting site that provides services for a huge chuck of websites on the Internet.  This data breach is being dubbed Cloudbleed.
  • Tavis Ormandy, discovered data breach when randomly searching through publically posted website data looking for errors in the code and found a mecca of data from private messages on dating sites to hotel bookings. While the source of the vulnerability is yet unknown, it seems that servers spewed out random areas of memory from vulnerable servers.
  • For now, it’s unknown how long the data has been leaking, but may have been leaking since September 2016

Read the full story in Forbes

 

  1. CloudPets owned by Spiral Toys had a database that was compromised, that included  exposure of over 2M recorded messages that are mostly voices of children and their parents.

 

Why is this significant?

  • This is not the first time that a “connected toy” has a major security issue.  Just recently, My Friend CaylaHello Kitty,  Hello BarbieV Tech database, all had major security issues that caused breaches or either data and/or tampering with privacy of children.
  • What led to the data breach?  For starters, poor password strength, failure to secure account data.  Which leads to the dangers of invading children’s privacy that is overlooked when purchasing what looks to be an innocent toy.
  • Spiral Toys was contacted numerous times in regards to this private data being exposed and they have yet to remediate the issue or even respond to the security researcher.

Read the full story in Troy Hunt’s blog