A selection of this week’s more interesting vulnerability disclosures and cyber security news. Being a popular tool, I do find it odd that while faults in Zip files have been known for a long time, WinRAR has only just been identified with similar issues. Well, better late than never I suppose:
Drupal and WordPress have some pretty nasty issues right now folks. Better get patching:
- No RESTful the wicked: If your website runs Drupal, you need to check for security updates – unless you enjoy being hacked
It’s nice to know how long we have to contain threats – or is it?
The rest of the news…
- Check yo self before you HyperWreck yo self: Cisco fixes gimme-root holes in HyperFlex, plus more security bugs (The Register)
- Researcher: Not Hard for a Hacker to Capsize a Ship at Sea Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.
- Unearthed emails could be smoking gun for epic GDPR battle against Google, adtech giants (The Register)
- Welcome to the sunlit uplands of HTTP/2, where a naughty request can send Microsoft”s IIS into a spin (The Register)
- 19-Year-Old WinRAR Flaw Plagues 500 Million Users Users of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR.
- Password Manager Firms Blast Back at ‘Leaky Password’ Revelations 1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.