A selection of this week’s more interesting vulnerability disclosures and cyber security news. Continued focus on locating issues in Docker reveals another flaw, this time with no patch (though I notice some Docker updates this week). Watch your backs, folks:
Even with the advice to avoid SMS and mobile phone 2FA, adding this sometimes weak extra step can be enough to dissuade someone from further break-in attempts. As with household burglaries, easy targets are the best. Pile up the barriers and make them look elsewhere!
I’m not sure if this is a good thing or not, and as usual it poses more questions:
In other news:
- 200k Personal Records Exposed by Events Planning Firm: Amazingco, an events planning firm, exposed 212,220 records with personal data relating to children’s parties, wine tours and more.
- Millions of personal files exposed by insurance biz, serial web hacker strikes again, and more from infosec land
- 50k Servers Infected with Cryptomining Malware in Nansh0u Campaign: A rapidly-expanding campaign has infected 50,000 servers with malware that mines an open source cryptocurrency called TurtleCoin.
- Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable (The Register)