A selection of this week’s more interesting vulnerability disclosures and cyber security news. Why are you here reading this? Go away and patch now! Seriously, the year has really started badly with possibly the most significant vulnerability ever and everyone should be rushing around either buying new hardware or patching (and suffering the potential side-effects).
Exploits are already out there, some more likely than others so stay alert folks for any odd things even though the actual attack won’t leave any IOCs:
The background for this debacle:
- Critical Microprocessor Flaws Affect Nearly Every Machine Researchers release details of ‘Meltdown’ and ‘Spectre’ attacks that allow programs to steal sensitive data.
Another potential pot of nastiness which appears to be showing signs of becoming a ‘thing’:
Other things have actually happened and here are a selection to fill in the time waiting for patches to apply….
- 19 M California Voter Records Held for Ransom in MongoDB Attack The records were first exposed in an unsecured MongoDB database, continuing a cyber-extortion trend.
- Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.