A selection of this week’s more interesting vulnerability disclosures and cyber security news. Wikipedia’s DDoS attack hit the news this week, and their plight drew an amazing donation to help further their defensive capabilities:
An article on the meaning of CVSS scores caught my attention this week. It’s hard to say whether I am guilty of prioritising the higher-rated issues, when in reality it is the context that matters, and even more so the high probability that a chained attack through lower-rated ones could reach the same target. As with everything in infosec, regular review of our practices is a good thing. Take a look at your own stance in light of this one:
Talking of reviewing infosec practices, this little gem certainly should come under the same umbrella!
- From pen-test to penitentiary: Infosec duo cuffed after physically breaking into courthouse during IT security assessment
The other items in the news…
- Major Groupon, Ticketmaster Fraud Scheme Exposed By Insecure Database: An exposed database containing 17 million email addresses revealed a massive fraud scheme impacting vendors like Groupon and Ticketmaster.
- 198 Million Car-Buyer Records Exposed Online for All to See: An Elasticsearch DB belonging to Dealer Leads exposed a raft of information collected by _research_ websites aimed at prospective car buyers.
- Telnet Backdoor Opens More Than 1M IoT Radios to Hijack: Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.
- Exim marks the spot of remote code execution: Patch due out today for ‘give me root’ flaw in mail server