A selection of this week’s more interesting vulnerability disclosures and cyber security news. After the breach announcements last week another came in quite late of a long and well buried breach at Deloitte. One where its still not possible to say the hackers are truly ‘out of the system’! Looks like they too buried their heads in the sand and if I was cynical I could say they might be have been trying to bury to news on a bad news day? 😉
- Breach at Deloitte Exposes Emails, Client Data
- Deloitte hit by cyber-attack revealing clients secret emails Nick Hopkins reports
That would be a lot of S3 instances open then…..
But not as bad as this lot being wide open! Such a crucially placed app doing slightly shady things should be cause for alarm. But then most users really aren’t going to notice are they? Who actually checks the permissions of an app are relevant when its installed? I do for one.
Other bits:
- The Irish National Teacher’s Organisation suffers breach affecting up to 30,000 teachers Conor Donnelly reports
- Adobe Accidentally Posts Private PGP Key
- Apple Patches Vulnerabilities in macOS, macOS Server
- Cloudflare Announces Unmetered DDoS Mitigation, Geo Key Manager
- Android Malware Exploits Dirty COW Vulnerability
- Unsigned Apps Can Steal macOS Keychain Passwords
- Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android
