A selection of this week’s more interesting vulnerability disclosures and cyber security news. There’s leaving a few API keys in a GitHub repo, and there’s leaving everything on Pastebin. The question then is who did it? Staff, hacker or 3rd party? Perhaps we will never know. Do we however have a moral of the story here? Maybe just don’t write everything down in the clear (and give it to someone)…
Staying undetected for maximum effect is a serious objective for an attacker, however, in this case they blew their cover eventually. For those of us defending, well, even the slightest irregular deviation from the normal should trigger something. But false positives becoming desensitising, so how do you define normal?
A reliable attack vector on a major security component has now been demonstrated with viable time scales for this side channel attack. Where do we go from here?
In other news:
- Microsoft Patches RCE Bug Actively Under Attack Microsoft tackles 74 bugs as part of its November Patch Tuesday security bulletin.