A selection of this week’s more interesting vulnerability disclosures and cyber security news.
For this week’s post I have fought quite hard to resist commenting on the continued silliness of home router security and IoT vulnerabilities. I will leave it at that. You know what I’m talking about…
What has instead drawn my attention is the item directly below, not just in relation to telephone support numbers which all too often seem to be increasingly hard to find on corporate websites, necessitating the need to do a little bit of digging, I mean SEO poisoning. I’ve seen this off and on for a long time myself, of search engines producing what looks like great results for something but instead they are just links to nasty places. With the ease and lucritive return lure for cyber crime, this can only increase as crims pay highly for search result ranking. OK, of course the the search engines fight back and the ability to know what kind of risk lies behind a link we click is clear enough – isn’t it? When in a rush one slip is all it takes.
- Turning to the internet to find customer support numbers? Be wary, especially for Facebook (TechRepublic)
And the rest of the stuff going on. Including home router notifications…
- CVE-2016-6329 OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session
- Home-pwners: Cisco’s Prime Home lets hackers hijack people’s routers, no questions asked (The Register)
- How Cybercriminals Turn Employees Into Rogue Insiders The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
- The Interconnected Nature Of International Cybercrime How burgeoning hackers are honing their craft across language barriers from top tier cybercriminal ecosystems and forums of the Deep and Dark Web.