The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Swedish Trains Schedule Gets Derailed by Cyber Attack
In the last week, several computer systems belonging to the Sweden Transportation Administration were subjected to multiple DDoS attacks that forced the agency to halt some trains and delay others. While they were able to bring the services back online within a few hours, the delays affected transportation schedules for the remainder of the days. Unfortunately, the effects of the attacks were still noticeable within the transportation systems for several days, as the schedules all needed readjustment to accommodate their customers.
Adobe Flash Affected by Zero-Day Exploit
Researchers this week discovered a zero-day exploit within Adobe Flash Player that was used to install FinSpy, a malicious software used to steal user information. The software was hidden in an infected Word document, which the user received via email. FinSpy surveillance software is sold worldwide, but is often used maliciously to gain financial or political power through information gathering and extortion. Fortunately for Adobe Flash users, the latest update patches the exploit and is readily available from Adobe’s site.
Adult Themes Infest Roblox Computer Game
The open-source nature of games like Roblox can enable users to make custom additions to the game and make their experience their own. However, some users choose to take advantage of the system and abuse it. Unfortunately, many of the game’s younger user-base has recently been subjected to Nazi propaganda and other adult content. The vendors of such mods are usually banned from the servers, only to return a short while later.
IoT Takes Major Hit with Krack Attacks
Recently, a vulnerability was found within the WiFi encryption currently in use by hundreds of millions of IoT devices around the world. Fortunately, the vulnerability has been patched by dozens of vendors for quite some time now. However, there are still some devices that won’t likely receive an update in the near future: security cameras, routers, and other household wirelessly connected “things”.
Oracle Updates Large Number of Critical Patches
In their latest update, Oracle pushed out more than 250 different patches for bugs across hundreds of products. Some of the most critical patches involve SQL injection vulnerabilities in their E-Business Suite, which could be used maliciously to steal or alter sensitive financial data. Another area that received multiple patches was the Java Platform, which had 20 unique exploits that were available remotely without any user authentication.