A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Cast your mind back to the Ashley Madison breach and the black-mailing of members revealed in that breach. I don’t recall another like it until recently. This time though, with how common ransomware has become, are we going to see more victims approached as well as the source of the data breach?
Two major large scale technology stacks have revealed vulnerabilities that will provide handy pivot points for attack and eventual compromise:
The nightmare for those affected by Travelex continues:
- Equifax Settles Class-Action Breach Lawsuit for $380.5M – Class members have until Jan. 22, next week, to claim benefits.
- Top Euro court tells cops, spies that yelling “national security” isn’t enough to force ISPs to hand over massive piles of people’s private data
- Cisco Webex Bug Allows Remote Code Execution – Cisco patched two high-severity flaws this week, in its Webex and IOS XE Software products.
- Intel Fixes High-Severity Flaw in Performance Analysis Tool – The flaw, in Intel VTune Profiler, could enable privilege escalation.