A selection of this week’s more interesting vulnerability disclosures and cyber security news. There was some pretty astounding news this week, but instead I want to highlight what some could call softer cybercrimes, which are nevertheless cybercrimes and possibly happen far too regularly and too far under the radar to be reported as such:
- Impatient former Hong Kong library worker arrested after stealing customer’s personal data to borrow books faster I know
Continuing the email theme, this one shows what can go horribly wrong when someone doesn’t pay attention to what they are clicking on:
OK, I can’t resist, let’s have an IoT story…
- ‘Unbreakable’ Smart Lock Tapplock Issues Critical Security Patch: Researchers were able to discover a way to hack the device in less than an hour.
Some issues of the week…
- macOS QuickLook Feature Leaks Data Despite Encrypted Drive: Researchers demonstrate how an encrypted macOS hard drive can still leak unprotected data via the operating system’s Finder and QuickLook feature.
- ‘Hidden Tunnels’ Help Hackers Launch Financial Services Attacks: Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
- 22K Open, Vulnerable Containers Found Exposed on the Net: Attackers can remotely access the infrastructure to install, remove or encrypt any application that the affected companies are running in the cloud.
- Axis Cameras Riddled With Vulnerabilities Enabling ‘Full Control’: The IP cameras have a slew of bugs allowing bad actors to control them, add them to a botnet, or render them useless.
- Exposed Container Orchestration Systems Putting Many Orgs at Risk: More than 22,600 open container orchestration and API management systems discovered on the Internet.
- Hackers Crack iPhone Defense Built to Block Forensic Tools: Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
- Mylobot Botnet Emerges with Rare Level of Complexity: A new botnet from the Dark Web displays a never-before-seen level of complexity in terms of the sheer breadth of its various tools.
- Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement: The move escalates tensions between the phone giant and federal law enforcement when it comes to mobile security.