Welcome to the weekly dose of cyber security news and views.
Date – 7th Jan 2018
Before I tell you about the most relevant cyber security news of the first week of this new year, I want to wish you all “Happy New Year” and a very safe and secure 2018! It’s been only 5 days of this year and we already learn about two major and severe security flaws found in Intel CPUs: Meltdown and Spectre, which are affecting computers worldwide. If you haven’t done it already, we recommend keeping all your devices and applications up to date!
Here’s what happened in this first week of 2018 in cyber security, as we’ve summed up the most important stories of this week in our weekly security round-up.:
1. SPECTRE OR MELTDOWN unaffected to RASPBERRY PI:
Over the last couple of days, there has been a lot of discussion about a pair of security vulnerabilities nicknamed Spectre and Meltdown. These affect all modern Intel processors, and (in the case of Spectre) many AMD processors and ARM cores. Both vulnerabilities exploit performance common to many modern processors to leak data via a so-called side-channel attack. Happily, the Raspberry Pi isn’t susceptible to these vulnerabilities.
2. India, the Aadhaar Nation under scrutiny by privacy concerns
In a report titled “Rs 500, 10 minutes, and you have access to billion Aadhaar details” published on Wednesday, The Tribune had claimed to have bought “a service being offered by anonymous sellers over WhatsApp” for unrestricted access to details of the more than 1 billion Aadhaar holders. Former Central Intelligence Agency (CIA) employee, Edward Snowden also shared his viewpoint stated that admin accounts can be made and the access can be sold to the database. This was a major blow to the Centre’s push for Aadhaar.
3. WD MyCloud NAS devices vulnerable to Critical Hard-coded backdoor
Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital’s My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. The researcher has also written a Metasploit module to exploit this vulnerability.
An attacker could literally take over your WDMyCloud by just having you visit a website where an embedded iframe or img tag make a request to the vulnerable device using one of the many predictable default hostnames for the WDMyCloud such as ‘wdmycloud’ and ‘wdmycloudmirror’ etc.”
4. Forever 21 PoS Systems Breached
Forever 21 joins a crowded list of retailers and hotel chains bitten by PoS-style attacks in 2017. Over the past 12 months, there has been a number PoS systems targeted in attacks by a growing list of malwares. The company said each of its Forever 21 retail outlets uses multiple PoS terminals, but at some stores a number of devices did not have encryption enabled. It said hackers targeted those few stores and the vulnerable PoS devices that kept logs of completed payment transaction authorizations.