A selection of this week’s more interesting vulnerability disclosures and cyber security news. It’s been a while since we had reports of a Node.js module repo tainting; this time, though, it appears that it’s Ruby’s turn to suffer, along with Google scoring an own goal. Trust in the code library supply chain shows once again that mistakes can have a wide-ranging impact. I don’t have any solutions. Does anyone?

We’ve seen regular exposure of S3, Elasticsearch and MongoDB instances. In some ways it can be understandable (though not defensible) why they might be exposed. What I am utterly amazed at is the discovery of iSCSI exposure! What were they thinking – if they were at all?

Could this be a new angle for the future?


In other news…

Weekly Cyber Security News 05/04/2019