A selection of this week’s more interesting vulnerability disclosures and cyber security news. We close the year with an interesting comment from an old breach at Ashley Madison: Bots are something to look for.
This year there has certainly been growth in chat bot development and use. Some of it has been very surprising (and disturbing) too, but what we've perhaps not considered is the security aspect: can they be turned to illegal activities? This article does point out that Tinder has been fighting off bots that aim to extract credit card details. I think this could be the start of something new. Bots of course don't sleep and are much easier to deploy than a lot of people. Then we have many chat platforms out there, including bot SDKs, just to make it easier!
Stay sharp folks!
The rest of the news…
- 10 Things InfoSec Pros Can Celebrate About 2016: There were a few items that passed for good news this year.
- Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin)
- Exclusive: Bangladesh police detail suspicions of inside help in central bank heist (Yahoo Security)
- Fileless Malware Takes 2016 By Storm: In-memory attacks are all the rage, creating a growing class of _non-malware_.
- As Bitcoin Price Surges, Phishing Attacks on Cryptocurrency Wallets Intensify (Catalin Cimpanu reports)