A selection of this week’s more interesting vulnerability disclosures and cyber security news. Most of the news has continued to be related to Meltdown, but a few other interesting notes popped up. The first is a common issue in appliance/IoT world of hard coded credentials. Just one question why is this still a thing?
An issue has come up too with the very popular SSL cert project Let’s Encrypt. Hopefully this will be rectified quickly:
One issue from last year that seemed to have sunk under all the other ‘exciting’ news since is the vulnerability to WPA. Looks like a new standard is finally heading out of the door this year (hopefully):
Mostly CPU stuff then….
- UK: ICO slams Carphone Warehouse with £400,000 penalty; inadequate security contributed to 2015 hack
- Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches Windows servers will see biggest degradation, as will Windows 7 and 8 client machines, Microsoft said.