A selection of this week’s more interesting vulnerability disclosures and cyber security news. So many interesting snippets this week – in a disturbing way of course. We have a number of large breaches both self inflicted and the usual unsecured DB server, crypto-mining, ransomware and web scans for major products which were breached in hours after patches were released. Disturbing yes. Instead of all of those, the ones that drew my attention are a little more quirky. The first, especially if you happen to be in the EU is the growing alarm most are having over GDPR and I am really surprised the scammers have taken this long to start sending fake email. Its certainly going to get worse over the next couple of weeks so stay alert and don’t click on anything unless you are sure, and REALLY don’t on a mobile device where you can’t see the link you are about to follow:
- Hackers Leverage GDPR to Target Airbnb Customers Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.
Remote exploits on cars I find both particularly interesting and scary. This one went a little way in before the researchers felt it was too much to proceed further. Not sure if this is putting me off buying a new car or not… Might stick with my dumb non-connected one for a while longer…
The Rowhammer attack is another of those curious methods that I’ve been interested in over the years, and seeing it slowly develop into a viable attack method raised little alarm – until now. Now it appears to be a credible threat at least on Android. Take a look:
The other news:
- Australia’s Largest Bank Lost The Personal Financial Histories Of 12 Million Customers Paul Farrell reports
- CVE-2018-10718 Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.
- CVE-2017-18264 An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 before 18.104.22.168, 4.4.x, 4.6.x, and 4.7.0 prereleases
- Hackers Scan the Web for Vulnerable WebLogic Servers After Oracle Botches Patch Catalin Cimpanu reports