A selection of this week’s more interesting vulnerability disclosures and cyber security news. Another week in to 2019 and it’s just not getting better is it? Some more pretty big breaches and the worst; companies that should know better apparently missing the mark:
Add to this our legacy digital footprint leaving more than behind than we would have hoped. Another reason to switch off everything on your phone that makes it ‘smart’:
After a previous article I’ve seen on how dumbing down biometrics is done to actually make them work renders a good idea (somewhat) useless. I personally wouldn’t rely on biometrics entirely for authentication. If pushed, only with another factor that can be changed such as a password or pin, you know, as a form of mini-2FA:
- Biometrics in 2019: Increased Security or New Attack Vector? Should we pump the brakes on the roll out of biometric security to first consider whether we are creating new vulnerabilities?
Other fun this week:
- Adobe Patches Important Bugs in Connect and Digital Edition The update comes on the heels of critical fixes in an unscheduled patch last week.
- Linus Torvalds opts for the scream test: Linux kernel syscall tweaked to shut data-leak hole � anyone upset, yell now
- New side-channel leak: Boffins bash operating system page caches until they spill secrets (The Register)
- ThreatList: WordPress Vulnerabilities Tripled in 2018 Despite fewer plugins being added to WordPress last year, the CMS saw an astounding tripling of vulnerabilities in its platform in 2018.