A selection of this week’s more interesting vulnerability disclosures and cyber security news. A few items of particular note this week, one of which is very old news concerning Yahoo and comes as no surprise I expect to many. With any breach announcement, do we take the claimed numbers as reliable and pretend we weren’t affected, or should be just assume it was everything and react appropriately?

I bet you’ve noticed the increasing stream of fake emails with attachments? Now we know what they harbour and it’s certainly not nice. If you’re not educating your users, or ensuing macros won’t run every time a file is opened already, then you had better be locking things down before something else locks your system down in an expensive way:

A really curious bit of research on continuous authentication methods appeared in my feed this week. I feel it offers more than other attempts such as monitoring typing style, or facial features, and made me recall an old Linux proximity lock I tried years ago based on detecting the presence of my Bluetooth mobile phone. However that became an inconvenience if the phone was either left somewhere else or ran flat. Hopefully in this case I shouldn’t be without my heart; I think I would notice…


Other news this week:


Weekly Cyber Security News 06/10/2017