A selection of this week’s more interesting vulnerability disclosures and cyber security news. Should we be surprised that there are weaknesses in a car app that lets you locate and remotely control cars? We’ve been here before – too many times before. Again, possibly bad management, specification and design failures all round, and no one seems to learn:
- Hacker could locate thousands of cars and kill their engines remotely via poorly-secured GPS tracking apps
Another failure where design and QA should have taken their time to get things right. With a high-risk project, did they even consider and use the right people? Was it a rush to glue all the bits together and hope it works? We may never know:
I admit I’m paranoid about backups and what remains on storage devices. Whenever I’ve had to decommission and dispose of kit during a refresh, I would normally extract the HDDs and personally wipe them with highly rated software for the job before trusting an external waste management firm to have a go. What about the general consumer? Personal experience shows, like this report, that most think simply deleting does the job. They might strike lucky – that time. But what if someone is out for low-hanging fruit?
Other stuff going on:
- Wi-Fi Hotspot Finder Spills 2 Million Passwords: China-based app maker ignored repeated warnings by researchers that its password database stored in plain text was accessible to anyone online.
- Evil TeamViewer Attacks Under the Guise of the U.S. State Department: The attack is targeting financial regulators and embassy staff – but probably isn’t the work of an APT.
- Weather Channel Knocked Off-Air in Dangerous Precedent: The incident was the work of malicious cyberattackers.
- Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug: The U.S.-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.