A selection of this week’s more interesting vulnerability disclosures and cyber security news.
Privacy is understandably a concern for all, and for those who are not that bothered and opt in to give it away, I’m sure they assume it is for monitoring of their activities online. However, in this enterprising case, it appears to go beyond the virtual to the physical, and not where you would suspect…
Cryptocurrency mining is such a draw now that, it seems, some people go to amazing lengths to obtain it:
Browser fingerprinting evasion, which limits identification during online activity, looks to be taking a new bashing in this fascinating article:
More news here…
- RAMBleed picks up Rowhammer, smashes DRAM until it leaks apps’ crypto-keys, passwords, other secrets
- Data Breach Disclosed by Online Invitation Firm Evite: Evite’s data breach, stemming from an “inactive data storage file,” is only one of many breaches to be disclosed this week.
- Data Breach Exposes 100K U.S. Traveler Photos, License Plates: A recent breach of U.S. Customs and Border Protection traveler photo and license plate data has led experts to condemn the collection and storage of facial recognition data.
- Linux Command-Line Editors Vulnerable to High-Severity Bug: A bug impacting editors Vim and Neovim could allow a trojan code to escape sandbox mitigations.
- Troy Hunt Looks to Sell Have I Been Pwned: “Project Svalbard” has commenced, as Hunt looks for the right company to take over the password-focused service.
- VLC Player Gets Patched for Two High-Severity Bugs: Popular media player receives 33 security bug fixes, two of which are rated high severity.
- WordPress Sites Worldwide Hit with ‘Call-Girl’ Search-Engine Pollution: A web spam campaign targeting Koreans is affecting non-hacked websites worldwide.
- Yubico YubiKey lets you be me: Security blunder sparks recall of govt-friendly auth tokens (The Register)
- Google Calendar Attacks Target Unwitting Mobile Users: Automatic invite notifications are spreading malicious links.