A selection of this week’s more interesting vulnerability disclosures and cyber security news. Looks like 2019 starts as busy as the previous year ended, breaches and failures all around. Let’s start with a pretty dumb but not uncommon issue – someone entering the wrong email address. How bad can that go?
- Um, I”m not that Gary, American man tells Ryanair after being sent other Gary”s flight itinerary (The Register)
Yet another biometric authentication method suffers a set back:
I recently had to replace one of my outdoor CCTV cameras and this kind of problem is why I immediately locked down all features and removed phone apps once it was up and running:
- Guardzilla Home Cameras Open to Anyone Wanting to Watch Their Footage The home surveillance cams have hard-coded credentials.
Other exciting news to kick start the year:
- First-Ever UEFI Rootkit Tied to Sednit APT Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.
- Hijacking Online Accounts Via Hacked Voicemail Systems Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services.
- Malware Attack Crippled Production of Major U.S. Newspapers Reports have linked the attack to the Ryuk ransomware.
- Open-source devs: Wget off your bloated festive behinds and patch this user cred-blabbing bug (The Register)