Roundup Here's El Reg's fresh slice of all the infosec news – beyond what we've already covered – that you'll need to know as you start your week. Ready? Here we go.

Cisco posts Krook Wi-Fi patches

It looks like Switchzilla is moving swiftly to clear up the Krook bug discovered by ESET.

Just hours after the researchers delivered their findings in a report, Cisco gave its own advisory on the Wi-Fi data snooping flaw.

"Multiple Cisco wireless products are affected by this vulnerability," the advisory stated.

"Cisco will release software updates that address this vulnerability. There are no workarounds that address this vulnerability."

Sophos finds VM rootkit

Researchers over at Sophos have made a rather interesting discovery: a rootkit infection that targets Linux and Windows VMs in the AWS cloud. Dubbed "cloud snooper", the infection is so complex that the culprit was very likely to be a nation-state hacking group. The targets were not named, but Sophos reckons the aim of the malware was to harvest sensitive data from the infected servers.

Additionally, the Sophos team does not believe that AWS is at fault here, despite the infections sitting on EC2 instances. "Though we discovered the technique in use on AWS, the problem is not an AWS problem per se," Sophos explained.

"It represents a method of piggybacking C2 traffic on a legitimate traffic, such as normal web traffic, in a way that can bypass many, if not most, firewalls."

OnlyFans says no hack in massive archive dump

A massive multi-terabyte release of racy content said to be from adult entertainment site OnlyFans – a sort of Patreon for porno – sparked fears that the site had been hacked. Fortunately, that is not the case, it seems.

"We have investigated claims of a site-wide hack and found no evidence of any breach of our systems," a spokesperson told El Reg.

"The content contained in the supposed 'leak' seems to be curated from multiple sources, including other social media applications."

Missing C++ update opens security hole in Ubuntu 16.04

A lack of support for the latest version of C++ left some Ubuntu Firefox users vulnerable to attack up until recently.

Reg reader motogee pointed out how, thanks to missing support for C++ 2017, Firefox for Ubuntu had not been patched for a handful of flaws.

The missing support, we are told, is present in Ubuntu 16.04 LTS and is caused by Firefox 73 adopting C++ 2017 as the standard. In Ubuntu 16.04 LTS (Xenial Xerus), however, there was no support for the new C++ version. This meant some Ubuntu users were unable to get the latest fixes for four CVE-listed vulnerabilities. Ubuntu 18.04, the latest version, was not affected.

Canonical confirmed to The Register that, as of February 26, the issue has been resolved and all Ubuntu builds are once again secured.

Shark Tank celeb scammed for $400k

Now might be the time to pitch your anti-phishing products on Shark Tank (the US version of Dragons' Den). One of the millionaire moguls who judge on the show, businesswoman Barbara Corcoran, has copped to dropping around $400,000 as the result of an email scam.

Corcoran, who invests in real estate, was reportedly convinced by an impostor to redirect payments from a deal into an account controlled by the scammer.

"I was upset at first, but then remembered it was only money," Corcoran reportedly said.

It must be nice to have so much money that $400k is written off as a learning experience.

Straffic.io cops to data exposure

On February 26, advertising company Straffic.io admitted it had been notified of some data sitting out thanks to a vulnerable web app.

"Following this report, we confirmed a weakness did exist and promptly patched it, in addition to fortifying our existing security protocols," the notice read.

"As of now, all systems are secure and we did not find evidence of any data misuse or data loss."

According to hacked-site tracker Troy Hunt, the exposure was actually quite substantial.

New breach: Israeli marketing firm Straffic exposed 140GB of data spanning 305M rows with 49M unique email addresses. Data also included names, addresses, phones and genders. 70% of emails were already in @haveibeenpwned. Read more: https://t.co/lWf8kcsUkr — Have I Been Pwned (@haveibeenpwned) February 27, 2020

Mimecast posts threat report

Security firm Mimecast marked the 2020 RSA show with an updated version [PDF] of its security threat report.

The company said this edition shows how widescale the Emotet malware has grown as of late.

"The campaigns observed in this quarter range from relatively simple phishing campaigns to complex, multi-vector campaigns that alternate file types, attack vector, types of malware and vulnerabilities," said Mimecast.

"Compared to previous quarters, Mimecast researchers noted a marked difference in the significant attacks conducted: from October to December 2019, the attacks targeted a wider range of companies across various sectors and for shorter periods of time than in previous quarters." ®