A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Well, the New Year didn’t get off to a good start for some. The most visible of them being Travelex as a result of an unpatched VPN solution. From there things have rapidly fallen apart, and it ain’t over yet…
- That Pulse Secure VPN you’re using to protect your data? Better get it patched – or it’s going to be ransomware time
- Travelex still offline after discovering malware on New Year’s Eve, and other bank’s currency services are also affected
SQL Injection can cause a lot of damage, but what if it could create new laws?
- I’m the queen of Gibraltar and will never get a traffic ticket… just two of the things anyone could have written into country’s laws thanks to unsanitised SQL input vuln
A bit of legal action I hope the developer community is watching as to how it will pan out and affect us all:
The rest of the news:
- IT exec sets up fake biz, uses it to bill his bosses $6m for phantom gear, gets caught by Microsoft Word metadata
- Exploit Fully Breaks SHA-1, Lowers the Attack Bar – Users of GnuPG, OpenSSL and Git could be in danger from an attack that”s practical for ordinary attackers to carry out.