A selection of this week’s more interesting vulnerability disclosures and cyber security news.
Apart from another load of breaches which seems to be the norm now, I thought I would highlight one of the classic fails of any sysadmin:
And now on to the usual breaches, hacks and yet another Flash exploit….
- Gatecoin cryptocurrency exchange seeks to reimburse stolen funds after US$2m security breach
- Drupal Security Updates Patch Two Vulnerabilities
- 45 Million Potentially Impacted by VerticalScope Hack (SecurityWeek)
- 51 Million iMesh Passwords Dumped Online Paul Wagenseil reports: If you’re suffering from data-breach fatigue, tough luck.
- Biz security deadline knocked back 3 months ‘cos Brits ignored it (The Register)
- College student schools .govs and .mils on perils of arbitrary code execution (ArsTechnica)
- Critical Adobe Flash bug under active attack currently has no patch (ArsTechnica)
- Dell Official Website Subdomains Hacked By Kurdish Hackers TapScape reports
- Flash Zero-Day Exploited in Targeted Attacks (SecurityWeek)
- Fresh hell for TalkTalk customers: TeamView trap unleashed (The Register)
- Let’s Encrypt lets 7,600 users… see each other’s email addresses (The Register)
- Microsoft planning blockchain-as-a-service for Azure apps (The Register) Symantec buying internet security firm Blue Coat (Yahoo Security)
- UK: Hacker breaches University of Greenwich, exposes 21,000 people’s data
- Nokia signs $1.5 billion framework deal with China Mobile (Yahoo Security)