A selection of this week’s more interesting vulnerability disclosures and cyber security news.

Well, what a week for interesting and often explosive news. To start off, let’s first point out a follow-up article to last week’s theme. A quite disturbing one, actually, and well worth consideration:
Lots of news this week and the one that really rises to the top is a huge leak of demographic data which could be quite revealing:
- Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records Andy Greenberg reports
- Newly Revealed Exactis Data Leak Bigger Than Equifax’s Marketing data firm left its massive database open to the Internet
And finally, to round off, a nasty issue that is going to affect a lot of websites if they make use of the login feature for users:
Here are the other bits that just couldn’t quite fit in:
- Education Scotland order hard reset on school social networking app following major security breach Derek Healey reports.
- Ticketmaster Chat Feature Leads to Credit-Card Breach Name, address, email address, telephone number, payment details and Ticketmaster login details were potentially compromised for tens of thousands of customers.
- 65% of Resold Memory Cards Still Pack Personal Data Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
- First Nationwide Undercover Operation Targeting Darknet Vendors Results in Arrests of More Than 35 Individuals
- UK Tax Agency Collects 5.1M Biometric Voice IDs, May Violate GDPR The agency doesn’t ask for explicit consent to collect the voiceprints; and, the deletion and erasure process lacks transparency.
- WebAssembly Changes Could Ruin Meltdown and Spectre Browser Patches The planned threading in shared memory update gives bad actors a way around the timer mitigations released by browser vendors.
- Fortnite Fraudsters Infest the Web with Fake Apps, Scams Malefactors have doubled down on duping Fortnite enthusiasts
- iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes A vulnerability in Apple’s iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company’s devices.
- Malicious App Infects 60,000 Android Devices – But Still Saves Their Batteries A battery-saving app enables attackers to snatch text messages and read sensitive log data but it also holds true to its advertising.
- Norwegian Agency Dings Facebook, Google For ‘Unethical’ Privacy Tactics Facebook and Google are doing anything they can to nudge users away from data privacy, a Norwegian agency alleged in a new report.
- Roku TV, Sonos Speaker Devices Open to Takeover The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.