A selection of this week’s more interesting vulnerability disclosures and cyber security news.
I was drawn to an article that made me recall a recent experience while moving my VPS to another provider (long story why), but the point being, a couple of weeks after I had completed the move I received alarms from my monitoring system saying my original VPS had just powered up. At first I thought this was a miss-fire but then other messages came in to say the original VPS was now in a running state and I was able to still login to it! It turned out that the provider had not deleted my VPS at time of request, and instead placed it on the recycle list as its common for some customers to forget payment and then pay a few days late. What possibly happened was the host machine rebooted and restarted all virtual machines including those flagged for deletion. I did point this out as pretty bad design, and luckily I had purged all useful data prior to getting rid of it anyway. Had I not done that, and had I not been still monitoring the machine would I have known that my site could have been used for other purposes?
It does pay to be sure when decommissioning servers or services in the cloud to ensure their zombie form won’t come back and pose a risk.
And for your pleasure, the usual breaches and for some reason, the need to patch Flash. You’re not using Flash still are you?: