A selection of this week’s more interesting vulnerability disclosures and cyber security news. As this article coincides with the all out sales fest of Black Friday, I thought I would highlight a number of articles along this theme to remind everyone that while shopping online can be fun, it can also contain traps for the unwary…
I’ve already had loads of pre-Black Friday email offers through, but are they real? Most likely yes, but as usual, my practice is never to follow any links in emails. Stay sharp with some of these warnings:
Going directly to the retailer’s website is a good thing, sometimes though you might hit a search engine first to find other similar offers. Be careful if you happen to hit Google Maps. A new possible wider threat might be out there to redirect you to replica sites out to get your cash:
And as usual, I end with an IoT item. A good checklist if you are considering adding to your tech at home:
If you’re not off shopping right now, here some other news:
- Stopping the Infiltration of Things If a network-connected smoke detector starts communicating with the mail server, you know you have a problem.
- Critical Adobe Flash Bug Impacts Windows, macOS, Linux and Chrome OS Adobe issues patch for a Flash Player vulnerability that could lead to an arbitrary code execution on targeted systems.
- Emoji Attack Can Kill Skype for Business Chat The _Kitten of Doom_ denial-of-service attack is easy to carry out.
- Ford Eyes Use of Customer’s Personal Data to Boost Profits Ford’s CEO sees the tech company model as key to the company’s next chapter.
- LastPass; More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers (The Register)
- What the #!/%* is that rogue Raspberry Pi doing plugged into my company”s server room, sysadmin despairs
- Gmail Glitch Enables Anonymous Messages in Phishing Attacks A glitch in the UX in Gmail allows the ‘from’ field to be forged so there is no sender listed in the email’s header.
- Gmail Glitch Offers Stealthy Trick for Phishing Attacks The issue comes from how Gmail automatically files messages into the _Sent_ folder.
- For Apple users without latest security updates, the letter “d” is not always the letter “d” (ZDNet)