A selection of this week’s more interesting vulnerability disclosures and cyber security news. Oh so many again this week, but I will for a huge change, start with a nice positive story. While its about the infosec industry (why else appear here I suppose???), the same goes from almost any other tech related field – like this, and others, it was pretty much my route too:
From the end of last week a horrifying analysis of how bad the financial industry could well be. I can’t be sure how wide spread such issues are having never worked in that one myself, but these practices really don’t inspire confidence do they?
Of course I need to have another pot shot at IoT and the smoothly links with the previous article – in a tenuous way. Is this a gimmick or the ‘future’?
- Identities of thousands of Tennesseans with HIV made vulnerable by government error Bret Kelman reports
- Timehop Breach Impacts Personal Data of 21 Million Users A massive breach has impacted up to 21 million users’ personal data and their social media _access tokens._
- Timehop Releases New Details About July 4 Breach Additional information includes PII affected and the authentication issue that led to the breach.
- After Strava, Polar is Revealing the Homes of Soldiers and Spies Foeke Postma reveals the disastrous situation
- Another Crypto(Currency) Fail: Hackers Steal $23.5 Million from Token Service Bancor Jeff John Roberts reports
- Chrome Now Features Site Isolation to Defend Against Spectre A new feature called site isolation is being tapped to protect Chrome users against Spectre.
- Old Malware Gives Criminals Tricky New Choice: Ransomware or Mining The Rakhni Trojan is now giving bad actors the ability to infect victims either with a ransomware cryptor or a miner.
- ThreatList: 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat.
- Apple OS Update Lifts Curtain on iPhone USB Restricted Mode Apple has officially added a controversial security feature, USB Restricted Mode, to iPhones as part of its new iOS 11.4.1, released on Monday.
- Microsoft Fixes 17 Critical Bugs in July Patch Tuesday Release Microsoft patches 17 critical bugs and 34 important bugs as part of its monthly security bulletin.
- Google Patches Critical Remote Code Execution Bugs in Android OS The July Android Security bulletin tackles 44 vulnerabilities in all, with the bulk rated high in severity.