A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24.
Blockchain is trendy, has been for a while, and to be honest its not something I’ve had time to look at myself. All I tend to hear about are companies trying to find uses for that and/or machine learning, and the often shouted response of others saying its a solution looking for a problem outside it’s original sphere. That might be right, it might be wrong, I’m not qualified to say one way or the other. An amazing Twitter thread came up this week of the pros and cons were fully fought. It makes for an interesting read:
Further cryptocurrency news, and a breach notification has people nervous:
Whenever a known threat takes a new infection route it usually brings questions of how it can affect our own systems. Like many sysadmins around the world, I’ve had to implement guest wi-fi networks away from the company’s intranet, and then fight against requests to bridge that network because a visitor needs to do something. Well, the risk is that something like this could happen:
- Game over, LAN, game over! Windows software nasty Emotet spotted spreading via brute-forced Wi-Fi networks
More fun news….
- Android owners – you’ll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
- SoundCloud Tackles DoS, Account Takeover Issues – Among other issues, the music platform didn’t limit the number of login attempts someone could make.
- These truly are the end times for TLS 1.0, 1.1: Firefox hopes to “eradicate” weak HTTPS standard by blocking it
- Why, oh why, don’t some entities respond to notifications about leaking patient data, Wednesday edition
- Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks
- Puerto Rico Gov Hit By $2.6M Phishing Scam – A recent phishing scam targeted Puerto Rico’s Industrial Development Company.
- Intel Patches High-Severity Flaw in Security Engine – The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure.