A selection of this week’s more interesting vulnerability disclosures and cyber security news. A number of IoT issues cropped up this week that made me pause (and yes, pun intended this time), affecting a pet-related device as well as the usual home/office arena. The Z-Wave attack, while it makes for great headlines, does in fact have a very narrow window of opportunity, but it could still provide a pivot. The pet one, however, is a little more concerning and, as usual, concerns apps and/or Bluetooth:
- Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime: Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners’ personal data.
The third issue that surfaced many people (mostly home):
The rest of it:
- ZipperDown Vulnerability Could Hit 10% of iOS Apps: A newly discovered vulnerability could affect thousands of iOS apps, and Android users may not be spared.
- Bombas notifies consumers of breach going back to 2013: Bombas is sending out a breach notification to consumers
- CVE-2017-18269: An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library
- Misconfigured Reverse Proxy Servers Spill Credentials: Researchers created a proof-of-concept attack that allows remote attackers to access protected APIs to extract credentials.
- ‘Roaming Mantis’ Android Malware Evolves, Expands Targets: Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
- Intel Responds to Spectre-Like Flaw In CPUs: Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.
- Malicious PHP Script Infects 2,400 Websites in the Past Week: A botnet called Brain Food is pushing diet pills via infected WordPress and Joomla websites.
- Researchers Say More Spectre-Related CPU Flaws On Horizon: Yet another speculative execution side channel flaw has been disclosed in processors, and security experts warn that more may be out there.