A selection of this week’s more interesting vulnerability disclosures and cyber security news. An bumper crop this week of news items of note, had to seriously prune them down to a manageable number which is a shame.
First up; is it art, or history, or an accident waiting to happen?
In another case of déjà vu (but isn’t most infosec news like that?), where fake celebs were trying to get your data, even the real ones are at it. Who would be daft enough to oblige? Plenty it seems:
Yet another batch of IoT fails. I wanted to select just one, but hey, they are all deserving:
Something to peruse later:
- Billions of Malicious Bots Take to Cipher-Stunting to Hide Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting.
- Google Titan Security Key Recalled After Bluetooth Pairing Bug Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.
- WhatsApp Zero-Day Exploited in Targeted Spyware Attacks WhatsApp has patched a vulnerability that allowed attackers to install spyware on victims’ phones.
- Linux Kernel Flaw Allows Remote Code-Execution The bug is remotely exploitable without authentication or user interaction.