A selection of this week’s more interesting vulnerability disclosures and cyber security news. Some absolute gems this week – that’s a bad thing, right? As the stakes rise for security risk and disclosure, two articles caught my attention for showing how it can sometimes go wrong, for both sides. Errors like these are something we all have to learn from and build upon:
Then we have something creepy and a little worrying for other IoT devices. Time to find out if there are any other surprises in that box you have sitting and listening to you:
Breaches are bad. Breaches that include inflammatory material and accusations are even worse:
- B&Q data leak exposes information on 70,000 thefts from its stores, including names of suspected offenders
The rest of the week’s nightmares:
- Houzz Urges Password Resets After Data Breach: The decorating website said that account usernames, passwords and more have been compromised as part of a breach.
- Boffin suggests Trappist monk approach for Spectre-Meltdown-grade processor flaws, other security holes: Don’t say anything public zip it
- Flaw in Multiple Airline Systems Exposes Passenger Data: Up to eight airlines do not encrypt e-ticketing booking systems, leaving personal customer data open for the taking.
- Hi, Jack’d: A little PSA for anyone using this dating-hook-up app… Anyone can slurp your private, public snaps
- I won’t bother hunting and reporting more Sony zero-days, because all I’d get is a lousy t-shirt (The Register)
- What are Data Manipulation Attacks, and How to Mitigate Against Them: Hackers don’t always steal data. Sometimes the goal is to manipulate the data to intentionally trigger external events that can be capitalized on.
- Who are the last people you’d expect to spill thousands of student records? A computer science dept? What a fantastic guess
- Google Patches Critical .PNG Image Bug: Eleven critical bugs will be patched as part of the February Android Security Bulletin.