A selection of this week’s more interesting vulnerability disclosures and cyber security news. After the breach announcements last week, another came in quite late: a long and well-buried breach at Deloitte, one where it’s still not possible to say the hackers are truly ‘out of the system’! Looks like they too buried their heads in the sand, and if I were cynical I could say they might have been trying to bury the news on a bad news day? 😉
- Breach at Deloitte Exposes Emails, Client Data
- Deloitte hit by cyber-attack revealing clients’ secret emails Nick Hopkins reports
That would be a lot of S3 instances open then…..
- 7% of All Amazon S3 Servers Are Exposed, Explaining Recent Surge of Data Leaks Catalin Cimpanu reports
But not as bad as this lot being wide open! Such a crucially placed app doing slightly shady things should be cause for alarm. But then most users really aren’t going to notice, are they? Who actually checks that the permissions of an app are relevant when it’s installed? I do, for one.
- Equifax CEO Retires in Wake of Breach After the company’s CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
- SEC Attackers Had Authentic Data Used in Business Tests: Reuters Sources say the hackers behind last year’s SEC breach accessed financial data used by companies testing its EDGAR filing system.
- Telstra glitch sends personal SMS messages to random recipients after fire at exchange Richard McLeish reports
- The Irish National Teacher’s Organisation suffers breach affecting up to 30,000 teachers Conor Donnelly reports
- Adobe Accidentally Posts Private PGP Key
- Apple Patches Vulnerabilities in macOS, macOS Server
- Cloudflare Announces Unmetered DDoS Mitigation, Geo Key Manager
- Android Malware Exploits Dirty COW Vulnerability
- Unsigned Apps Can Steal macOS Keychain Passwords
- Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android