A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking. Luckily it seems only a small (but still large proportion) of users are affected, and the response to deal with it was rapid, it still gives an uneasy feeling to what could happen if someone struck an even greater prize:
What did you do for World Password Day?
The more successful fraudsters and scammers play on authority in some way. If someone with a high viz jacket knocks on the door, or an apparent police officer asks you to do something, most would comply without question; and if a famous person makes contact, well, you’d be thrilled right?
- Brit events and info biz Incisive Media admits open server port may have left readers deets exposed (The Register)
- GoDaddy Shutters 14,000 Subdomains Tied to ‘Snake Oil’ Scams GoDaddy worked with researchers to shut down 15,000 domain-shadowing websites tied to bogus affiliate marketing offers promoted via spam campaigns.
- If you”re using Oracle”s WebLogic Server, check for security fixes: Bug exploited in the wild to install ransomware
- Malware Infests Popular Pirate Streaming Hardware Hardware that supports pirated video streaming content comes packed with malware.
- Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are oh no, wait, it”s Cisco again (The Register)
- There”s NordVPN odd about this, right – Infosec types concerned over strange app traffic (The Register)