Here’s my catch of the day for you: Wednesday Jan 25 2017
Microsoft Closes Security Hole in Mac OS X Remote Desktop App : Microsoft has fixed a serious vulnerability affecting users on Mac OS X. As reported “The Microsoft remote desktop client for Mac OSx allowed a malicious terminal server to read and write any file in the home directory of the connecting user”. Essentially an attacker could trick users into opening a malicious rdp URL, and then access the user’s home directory. The clincher is that Mac OS X apps eg Safari, Mail, Messages, open clicked rdp URLs by default. No questions asked. And we really, really need that “Mother may I?” here. That means phishing attacks are far more successful. http://www.theregister.co.uk/2017/01/24/microsoft_fixes_remote_desktop_app_mac_hack/
Lloyd’s Bank hit by DDoS Attack: On January 11th, the venerable Lloyd’s Bank of London was struck by a DDoS attack that lasted until Friday January 13th. Attackers tried to crash the Lloyd’s site, causing issues for customers and impacting some access to online banking. The bank did not lose money, nor data, nor was the impact significant. Law enforcement is investigating. We know there are more to come. Banks & DDoS hmmm
What’s New Yahoo?: From our “This should come as no surprise” department. Yahoo has announced its forthcoming sale will be delayed – awww – and completed in the second quarter of this year, not the first. After the two mega breaches which were reported in the last half of 2016, public confidence dropped. While that is as it should be, it is interesting that although search revenue fell slightly, revenue in other sectors grew and the company reported a $162 million profit. http://www.bbc.com/news/business-38725812
Benevolent Hackers Warns Users of Cassandra Databases: If you are following the crazy number of ransomware attacks on databases, then you know it ain’t just Mongo. Cassandra users are being alerted via an empty table named “your_db_is_not_secure“. And if you ask Shodan, over 2600 of these databases are open and unsecured. Some good folks are hard at work tracking and reporting details, like @0xDUDE and @DunningKrugerEffect.