A selection of this week’s more interesting vulnerability disclosures and cyber security news. A pretty energetic week for a change. Varied and unexpected breaches as is the norm, though a few new items of note. The first is a little worrying, and really hopefully (at least for the public) won’t set a precedent: Penalising those that can’t make use of good password best practice. Sure, users really do need some help, even more so those that aren’t ‘tech savvy’, but chasing them because of breaches…
There is a fine line in infosec, and those on both sides know that:
No fresh IoT hell this week, instead, a really good bit of hardware magic:
- MagentoCore Card Skimmer Found on Mass Numbers of E-Commerce Sites The Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date.
- Thousands of MikroTik Routers Hijacked for Eavesdropping Using a known vulnerability, the threat actor is listening to a variety of ports.
- ‘CamuBot’ Banking Malware Ups the Trojan Game with Biometric Bypass CamuBot is a unique malware targeting Brazilian bank customers that attempts to bypass biometric account protections.