A selection of this week’s more interesting vulnerability disclosures and cyber security news. Social media take-overs can be quite disastrous, and a recent UK law inforcement breach certainly caused a lot of embarrassment:
Might want to stay away from those dodgy websites while waiting for some fixes…
Something I’m already familiar with from back in my electronics days, and with the increase in use of such hardware, and coupled with the need to wire up the pins for both input and output, a spurious bit flip could prove interesting:
- CVE-2019-13991 Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity.
The rest of the news:
- Amazon Alexa, Google Home On Collision Course With Regulation Threatpost talks to Tim Mackey with Synopsys about recent Amazon Echo and Google Home privacy faux pas. Will GDPR and other regulations catch up to the voice assistants?
- Popular File-Sharing Service WeTransfer Used in Malicious Spam Campaigns WeTransfer is being used by hackers to circumvent email gateways looking to zap malicious links.
- New Loader Variant Behind Widespread Malware Attacks Malware infection technique called TxHollower gets updated with stealthy features.
- It’s 2019 and you can still pwn an iPhone with a website: Apple patches up iOS, Mac bugs in July security hole dump (The Register)