A selection of this week’s more interesting vulnerability disclosures and cyber security news. Like buses, don’t see one for ages and then suddenly loads turn up. Been like that with interesting news the last few weeks, yes we’ve had some pretty bid blows, but this week so so many to choose from.
My first is a glimpse into the underbelly of security research. The fine line. Fascinating back stories to situations we only hear the highlights (or lowlights) about at the time:
After the dreadful exposure of S3 data, looks like Amazon has added something that might help those that really are either clueless or careless about their data. Let’s see if this is the end of it… Somehow I don’t think so:
Ah, the leaving keys in binaries problem. An oldie but still a simple mistake that could be pretty disastrous as it turns out:
Go on, read the rest over the weekend…
- CVE-2017-16634 In Joomla! before 3.8.2, a bug allowed third parties to bypass a user’s 2-factor authentication method.
- Hackers Poison Google Search Results to Deliver Zeus Panda Threat actors leverage SEO to ensure malicious links rank highly in Google results to infect targets with Trojan.
- T-Mobile Alerted �A Few Hundred Customers� Targeted By Hackers Lorenzo Franceschi-Bicchierai reports
- Office 365 Missed 34,000 Phishing Emails Last Month Nearly 10% of emails delivered to Office 365 inboxes were spam, phishing messages, and known or zero-day malware.