A selection of this week’s more interesting vulnerability disclosures and cyber security news.
The concerns this week I feel are around the ever growing threat (and actual compromise) of mobile phones, in particular Android which having numerous delays in rolling out patches provides a huge pool of potential targets for malware. The problem I see comes from both the attitude of users not considering what privileges they are giving away as there is little they can do to customise (I know that finer grain control is slowly coming), as well as developers in haste to throw out the ‘next best thing’ fail to consider any kind of security, even basic encrypted transmissions would be a start!
- Pokemon GO DDoS Attacks Postponed as PoodleCorp Botnet Suffers Security Breach Catalin Cimpanu reports
- Android’s latest patches once again remind us: It’s Nexus or bust if you want decent security (The Register)
- Mickey Mouse Club had Mickey Mouse security: Disney’s Playdom forum pours out passwords (The Register)
- No need to panic, says SwiftKey, as email addresses, phone numbers appear on strangers’ screens (The Register)
- Pregnancy-tracking app was riddled with vulnerabilities, exposing extremely sensitive personal information Cory Doctorow reports
- Google Adds New Kernel-Level Protections For Android Measures include kernel memory controls and features to reduce attack surface.
And in other news….
- Banks on the defense following hack of 410,000 Vietnam Airlines VIP member accounts Tuoi Tre News reports
- Warning: Some people using the new iPhone jailbreak are seeing credit card, PayPal account breaches (Yahoo Security)