A selection of this week’s more interesting vulnerability disclosures and cyber security news. And Magecart is back… In a big way too. You need to watch out even if you don’t have Magento, as their new approach could just leave the dodgy JS all over the place:
Here is a staggering tale of two wrongs definitely not making a right!
After those revelations, why not some outright geek action? So much fun can still be had in old tech 🙂
Other exciting news…
- Amazon asks for clarification of data retention requirements under Australia’s encryption laws (ZDNet)
- AMD’s SEV tech that protects cloud VMs from rogue servers may as well stand for… Still Extremely Vulnerable (The Register)
- GE Aviation Passwords, Source Code Exposed in Open Jenkins Server: A DNS misconfiguration resulted in an open Jenkins server being available to all.
- Latest FinSpy Modules Lift Data from Secure Messaging Apps: The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.
- Remember Stuxnet? You’ll endure its hated-by-critics sequel if you don’t patch your holey Siemens industrial kit (The Register)
- Agent Smith Malware Infects 25M Android Phones to Push Rogue Ads: Researchers say malware infects phones in order to sneak ads on devices for profit.
- Meet the Great Duke of… DLL: Microsoft shines light on Astaroth, a devilishly sneaky strain of fileless malware
- Zoom Pushes Emergency Patch for Webcam Hijack Flaw: After media scrutiny, the collaboration service has decided to address the zero-day after initially dismissing its severity.