A selection of this week’s more interesting vulnerability disclosures and cyber security news. Here we are again, another week and another S3 leak. I really don’t understand how this keeps happening. Either it’s sloppy admin or people with no technical (or security) understanding are being let loose on a complex cloud service – neither is great:
- Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank: Netflix, TD Bank, and Ford were only a few of the companies whose data was exposed by three leaky Amazon S3 buckets owned by Attunity.
You would hope that when you call in experts to help with a problem, you are dealing with someone responsible. Most often that is the case; however, can you really be sure?
- Biz tells ransomware victims it can decrypt their files… by secretly paying off the crooks and banking a fat margin
Let’s have another classic; an IoT fail of course!
- Smart Lock Turns Out to be Not So Smart, or Secure: Pentesters say a keyless smart lock made by U-tec, called Ultraloq, is neither ultra nor secure.
More news here:
- UK’s MoD is helping itself to cops’ fingerprint database ‘unlawfully’, rules biometrics chief (The Register)
- 2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz (The Register)
- Colorado Man, Operating Under The Nicknames ‘Penissmith’ And ‘Botah’ Indicted On Racketeering Charges Related To Darknet Marketplace AlphaBay
- Dominion National investigates and notifies after discovering unauthorized access to servers that began as early as 2010
- Epyc crypto flaw? AMD emits firmware fix for server processors after Googler smashes RAM encryption algorithms
- Google Announces DNS over HTTPS ‘General Availability’: Google finalizes its DNS-over-HTTPS service, inching toward a world where DNS requests are sent via HTTPS and not UDP or TCP.
- Proofpoint Domain Fraud Report Finds Millions of New Fraudulent Domains; Over 90 Percent Remain Active
- What the cell…? Telcos around the world were so severely pwned, they didn’t notice the hackers setting up VPN points
- Three quarters of mobile apps have this security vulnerability that could put your personal data at risk (ZDNet)
- No Slack for you! Microsoft puts rival app on internal list of ‘prohibited and discouraged’ software