A selection of this week’s more interesting vulnerability disclosures and cyber security news. The new year begins with warnings that ransomware will be the ‘big thing’ this year. It certainly looks like the direction we are going, if the various articles highlighting new variants are anything to go by, though, as always, vigilance against any attempts to entice you to click on links you shouldn’t will fend off most.
- KeepKey notifies customers of security incident, offers 30 BTC reward for tips leading to attacker’s arrest
- White Hacker Launches Public Support Site With ‘Security Without Borders’: Claudio Guarnieri aims to connect white hackers with potential victims.
- Newly Discovered Android Trojan Hijacks Routers: Switcher takes advantage of Android users to infect WiFi routers in ‘dangerous new trend.’
- ‘Ghost Hosts’ Bypass URL Filtering: Malware authors have found a way to evade URL-blocking systems by swapping bad domain names with unknown ones.
- Insane blackhats behind world’s most expensive ransomware ‘forget’ to backup crypto keys (The Register)
- UK: Derbyshire computer hacker who broke into a company’s emails is now helping it get secure, Kit Sandeman reports
- CVE-2016-7169: Directory traversal vulnerability in the File_Upload_Upgrader class in wp-admin/includes/class-file-upload-upgrader.php in the upgrade package uploader in WordPress before 4.6.1 allows remote authenticated users to access arbitrary files via a crafted urlholder parameter.