A selection of this week’s more interesting vulnerability disclosures and cyber security news. There are yet more big breaches to look at this week, and thoughts often turn to where our own information may be and whether it is included in these breaches. As usual, researchers are quick to point out that military and government email addresses are present, but what about corporate accounts? Linking staff email accounts to some of the more salacious data breaches could give some PR departments a bad time.
For the rest of us, and more so those of us in IT, we might register with a service using a weak or common password just to try things out, only to forget about it later, and such details are now probably spread further afield than we would like. Using disposable email accounts is great for this, but the downside is that if email might be needed for more than a simple reset, something a little more permanent is required, and so we often fall back on our usual habits. In these cases I would suggest using different account names on a domain you own; that way no obvious common email account is going to be reused across services. I do see others doing this from time to time too. You then only have to focus on the passwords, and again, different passwords, as we often hear, are a good option.
- Vuln: Joomla! Core CVE-2016-9836 Arbitrary File Upload Vulnerability