A selection of this week’s more interesting vulnerability disclosures and cyber security news. This week we have a 10-year-old boy finding a massive hole, a huge data trove going to peanuts, and critical patches for OpenSSL and ImageMagick.
- $10,000 bounty for 10-year-old who found Instagram vulnerability (ArsTechnica)
- ‘Secure Coding as a Service’ Firm Sqreen Raises $2.3 Million (SecurityWeek)
- 272 Million Stolen Credentials For Sale? Don’t Panic (InfoRiskToday)
- Aging and bloated OpenSSL is purged of 2 high-severity bugs (ArsTechnica)
- Anonymous attack Greek central bank, warns others (Yahoo Security)
- Attackers Exploit Critical ImageMagick Vulnerability (SecurityWeek)
- Core Infrastructure Initiative Gives Out Best Practices Badges (SecurityWeek)
- CVE-2016-3716 The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
- Exclusive: Big data breaches found at major email services expert (Yahoo Security)
- Facebook bungs 10-year-old kid $10k to not ‘eliminate’ Justin Bieber (The Register)
- Gumtree ‘fesses up to breach and personal information leak (The Register)
- MongoDB on breaches: Software is secure, but some users are idiots (The Register)
- OpenSSL Updates, (Tue, May 3rd)
- Samsung Smart Home flaws let hackers make keys to front door (ArsTechnica)
- WiFi network named ‘mobile detonation device’ grounds plane (The Register)
Weekly Cyber Security News 06/05/2016
