
IT Security Newsletter - 10/22/2019


Breaches

Krebs on Security: Avast, NordVPN Breaches Tied to Phantom User Accounts

Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password. Based in the Czech Republic, Avast bills itself as the most popular antivirus vendor on the market, with over 435 million users. 


U.S. Government, Military Personnel Data Leaked By Autoclerk

A leaky database owned by reservations management system Autoclerk has exposed the personal data and travel information for thousands of users – including U.S. government and military personnel. Autoclerk, which was acquired by the Best Western Hotel and Resorts Group in August, provides reservation management software for hotels, accommodation providers, travel agencies and more.

Hacking

Chinese Hackers Use New Malware to Backdoor Microsoft SQL Servers

New malware created by Chinese-backed Winnti Group has been discovered by researchers at ESET while being used to gain persistence on Microsoft SQL Server (MSSQL) systems. The new malicious tool dubbed skip-2.0 can be used by the attackers to backdoor MSSQL Server 11 and 12 servers, enabling them to connect to any account on the server using a so-called "magic password" and hide their activity from the security logs.

Exploits

Alexa and Google Home devices can be exploited to eavesdrop on users, phish passwords

Many of us have given a home to voice-controlled speakers such as the Amazon Echo and Google Home, using them to control music, turn off the lights, or simply getting a kick out of asking them silly questions. But it hasn’t all been fun and games, with revelations that the digital assistants were routinely sending recordings to third-party subcontractors in an attempt to improve speech recognition performance – recordings that users expected to be private and confidential.