A selection of this week's more interesting vulnerability disclosures and cyber security news. After a long, occasional rumble of consumer network devices failing the basics of security, a huge storm of failures was highlighted across a swath of devices this week. If you are thinking of shopping for a network device, take a look at this first:
Besides the local politics, this article should also have asked another question: is a 15-minute infosec presentation enough? And is it a one-off?
Following last week's news of two pen-testers being busted for breaking and entering, further articles have appeared giving both sides of the story, as well as a really fascinating piece revealing others who do this for a living. Sometimes we forget the physical side and assume others have that covered. Do they?
- These Hacks Require Literally Sneaking in the Backdoor: an on-premise hacker can cripple even the best cybersecurity defences.
- Remember that security probe that ended with a sheriff cuffing the pen testers? The contract is now public so you can decide who screwed up
- Smart TVs, Subscription Services Leak Data to Facebook, Google: researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when the devices are idle.
- If you're using Harbor as your container registry, bear in mind that it can be hijacked simply by setting has_admin_role = True in a request.
- Massive Gaming DDoS Exploits Widespread Technology: the attack, the 4th-largest the company has ever encountered, leveraged WS-Discovery, which is found _everywhere._
- MPs call for ‘immediate’ stop to facial recog in UK as report underlines bias risks in ‘pre-crime’ algos used by coppers
- Scotiabank slammed for ‘muppet-grade security’ after internal source code and credentials spill onto open internet
- New Threat Actor Fraudulently Buys Digital Certificates to Spread Malware: ReversingLabs identified cybercriminals duping certificate authorities by impersonating legitimate entities and then selling the certificates on the black market.
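The Harbor item above is an instance of a classic mass-assignment bug: a registration handler decodes the client's JSON straight into the stored user model, so any field with a JSON tag, including the privileged one, is writable by the caller. The following is an added example, not Harbor's own code; the `User` type, the field names and the request bodies are assumed for illustration. It shows the vulnerable binder next to a hardened one that decodes into an allow-listed request type, refuses unknown fields, and sets the admin flag server-side only.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// User is a hypothetical stored account record. HasAdminRole is a privileged
// field that must only be set by an administrator, never by the caller of a
// self-registration endpoint. (Password hashing is omitted; not the point here.)
type User struct {
	Username     string `json:"username"`
	Email        string `json:"email"`
	Password     string `json:"password"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// registerUnsafe decodes the request body directly into the stored model.
// Every tagged field is bindable, so a client that includes
// "has_admin_role": true gets an admin account. This is the mass-assignment
// pattern behind the Harbor issue linked above.
func registerUnsafe(body []byte) (User, error) {
	var u User
	if err := json.Unmarshal(body, &u); err != nil {
		return User{}, err
	}
	return u, nil
}

// registrationRequest is the allow-list of fields a self-registering user may
// supply. It deliberately has no admin field.
type registrationRequest struct {
	Username string `json:"username"`
	Email    string `json:"email"`
	Password string `json:"password"`
}

// registerSafe decodes into the narrow request type, rejects any field it does
// not know (so a smuggled has_admin_role is an error rather than silently
// dropped), and then builds the stored record with the privileged field forced
// to its server-side default.
func registerSafe(body []byte) (User, error) {
	var req registrationRequest
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&req); err != nil {
		return User{}, fmt.Errorf("invalid registration body: %w", err)
	}
	if req.Username == "" || req.Password == "" {
		return User{}, fmt.Errorf("username and password are required")
	}
	return User{
		Username:     req.Username,
		Email:        req.Email,
		Password:     req.Password,
		HasAdminRole: false, // never taken from the request
	}, nil
}

// malicious is a constructed sample body, not a captured request.
const malicious = `{"username":"mallory","email":"m@example.test","password":"hunter2","has_admin_role":true}`

func main() {
	u, _ := registerUnsafe([]byte(malicious))
	fmt.Printf("unsafe binder: user=%s admin=%v\n", u.Username, u.HasAdminRole)
	_, err := registerSafe([]byte(malicious))
	fmt.Println("safe binder:", err)
}
```

The check worth carrying into a code review is the same regardless of framework: any struct that is both a persistence model and an unmarshal target is a mass-assignment candidate, and privileged fields on it need either a separate request type or an explicit server-side reset after binding.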