A selection of this week’s more interesting vulnerability disclosures and cyber security news. Yet another instance of tainting a dev module repository surfaced this week. That’s quite a few this year alone, and a few too many really. With Python, Node and of course CMS platforms being targetted by malicious module admins, this really does little to provide confidence that we can trust what we pull in. Perhaps more needs to be done on the part of both repo contributors and admin, any thoughts?

While the above was a covert attempt to infiltrate, looks like some are about to make it far far worse with a ‘cool’ idea:

As we know biometrics can be a problem if somehow there is a flaw because its not easy changing a physical attribute. Next in queue for difficulty fixing a vulnerability is in a method that is mass produced such as ID cards, passports and credit cards. One has popped up and as is the way, opportunity to abuse usually leads a long way ahead of any fix:


Other items of interest:

Weekly Cyber Security News 30/11/2018