A selection of this week’s more interesting vulnerability disclosures and cyber security news. Been a strange week, always is, but this time some really dumb self inflicted breaches and own goals that defy belief. What I will focus on this week is the future, the dark looming cloud that is brewing from badly thought-out out approaches to dealing with an age old problem.
First up, is what appears to be a disturbing heavy handed approach to dealing with a genuine concern. Will this spread to other locations or just a blip?
Now, I do regularly moan about IoT; we all do right? Perhaps the only ones not are the lawyers who are standing by sharpening their knives. There have been a few casualties over the years, though a large outright fail has to happen soon, too many are poking it with sticks. I want to be as far away as possible when it does!
OK, I lied about looking into the future, I’m sure you will get over that with such a fun and integrating attack vector. Makes me want to try and find an old fax machine to take a look, not that I’ve seen one in years mind…
The other nonsense:
- Comcast breach exposes 26.5m customer’s Social Security Numbers and partial addresses Cory Doctorow reports
- 2018 Pwnie Awards: Who Pwned, Who Got Pwned A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
- Chris Valasek and Charlie Miller: How to Secure Autonomous Vehicles Famous car hackers Chris Valasek and Charlie Miller
- Google Services Track User Movements In Privacy Faux Pas A recent report found that Google services with functions like checking maps, the weather, and search are tracking users even when they deny permission.
- Hacker Unlocks ‘God Mode’ and Shares the ‘Key’ A researcher proves that it’s possible to break the most fundamental security on some CPUs.
- Instagram Hack: Hundreds Affected, Russia Suspected Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
- New Trickbot Variant Touts Stealthy Code-Injection Trick Trickbot is back, this time with a stealthy code injection trick.
- Vuln: Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities Multiple Intel Processors Side Channel Attack Multiple Information Disclosure Vulnerabilities
- Weakness in WhatsApp Enables Large-Scale Social Engineering Problem lies in WhatsApp’s validation of message parameters and cannot be currently mitigated, Check Point researchers say.
- IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships Researcher Ruben Santamarta shared the details