A selection of this week’s more interesting vulnerability disclosures and cyber security news.

Yet another instance of tainting a dev module repository surfaced this week. That’s quite a few this year alone, and a few too many really. With Python, Node and of course CMS platforms being targeted by malicious module admins, this really does little to provide confidence that we can trust what we pull in. Perhaps more needs to be done on the part of both repo contributors and admins. Any thoughts?
While the above was a covert attempt to infiltrate, it looks like some are about to make it far, far worse with a ‘cool’ idea:
- Google, Mozilla working on letting web apps edit files despite warning it could be “abused in terrible ways” (TechRepublic)
As we know, biometrics can be a problem if a flaw is found, because it’s not easy to change a physical attribute. Next in the queue for difficulty of fixing is a vulnerability in something that is mass produced, such as ID cards, passports and credit cards. One has popped up and, as is the way, the opportunity to abuse usually runs a long way ahead of any fix:
Other items of interest:
- 3ve Offline: Countless Windows PCs using 1.7m IP addresses hacked to click on up to 12 billion adverts a day (The Register)
- Big Blue shoos Db2 blues before rogue staff turn the screws in hijack ruse (translation: patch your IBM databases) (The Register)
- US told to quit sharing data with human rights-violating surveillance regime. Which one, you ask? That’d be the UK
- User Confidence in Smartphone Security Abysmal: Sixty-six percent of phone users said they had suffered data-related harm: 11 percent suffered identity theft, 22 percent account hacking, 14 percent credit cards hacking and 12 percent financial fraud.
- LinkedIn used 18M non-member emails to target Facebook ads. Were you a victim?
- UK gov’t seizes documents Facebook wanted to keep private in Cambridge Analytica battle
- Critical Zoom Flaw Lets Hackers Hijack Conference Meetings: Hackers can spoof messages, hijack screen controls and kick others out of meetings.