Weekly Cyber Security News 12/01/2018

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Most of the news has continued to be related to Meltdown, but a few other interesting notes popped up. The first is a common issue in appliance/IoT world of hard coded credentials. Just one question why is this still a thing?

• Hardcoded Backdoor Found on Western Digital Storage Devices

An issue has come up too with the very popular SSL cert project Let’s Encrypt. Hopefully this will be rectified quickly:

• Let’s Encrypt Disables TLS-SNI-01 Validation

One issue from last year that seemed to have sunk under all the other ‘exciting’ news since is the vulnerability to WPA. Looks like a new standard is finally heading out of the door this year (hopefully):

• WPA3 to Bring Improved Wireless Security in 2018

Mostly CPU stuff then….

• Hundreds left vulnerable to hackers after Johnson and Johnson data blunder Aaron Rogan reports

• UK: ICO slams Carphone Warehouse with £400,000 penalty; inadequate security contributed to 2015 hack

• Bogus Passwords Can Unlock AppStore Preferences in macOS

• Creditseva hacked, personal and sensitive data accessed

• IBM Starts Patching Spectre, Meltdown Vulnerabilities

• Lawsuits Filed Against Intel Over CPU Vulnerabilities

• Meltdown Patch Broke Some Ubuntu Systems

• Qualcomm Working on Mitigations for Spectre, Meltdown

• Response to Meltdown and Spectre

• Sask. Health Authority sends more private health info to computer shop, says frustrated owner

• ZeuS Variant Abuses Legitimate Developer’s Website

• Android Malware Developed in Kotlin Programming Language Found in Google Play

• VirusTotal Launches Visualization Tool

• AMD Working on Microcode Updates to Mitigate Spectre Attack

• Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches Windows servers will see biggest degradation, as will Windows 7 and 8 client machines, Microsoft said.

• Adobe Patch Tuesday Updates Fix Only One Flash Player Flaw

• Microsoft Patches for CPU Flaws Break Windows, Apps

• Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches

• NVIDIA Updates GPU Drivers to Mitigate CPU Flaws

• Ubuntu Preps Patches for Meltdown, Spectre CPU Flaws