A selection of this week’s more interesting vulnerability disclosures and cyber security news. A plethora of choice this week to pick three items of interest… Where to start… OK, first is this very odd fiasco over the Bloomberg story about Super Micro. So much seems wrong, but why are they sticking to it?
At first glance a rather innocuous story; however, thinking about it, it’s quite alarming:
And as regular readers know, I like a bit of hardware or IoT news, and this one is cunning:
And for the other news of breaches and silly things…
- AWS FreeRTOS Bugs Allow Compromise of IoT Devices: The bugs let hackers crash IoT devices, leak their information, and completely take them over.
- Two Critical RCE Bugs Patched in Drupal 7 and 8: Drupal’s advisory also included three patches for _moderately critical_ bugs.
- British Airways: If you’re feeling left out of our 380,000 passenger hack, then you may be one of another 185,000 victims (The Register)
- We asked 100 people to name a backdoored router. You said “EE’s 4GEE HH70”. Our survey says… Top answer! (The Register)
- You patch my back(up) and I’ll patch yours… Arcserve bugs burrow remotely exploited holes in UDP storage systems (The Register)
- Vuln: CakePHP CVE-2016-4793 Security Bypass Vulnerability