A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24.
I have a great weird and wonderful selection for you this week. OK, I could have just opted for the usual major breaches and boy, don’t we have a few of those? No, instead some really odd, geeky and perhaps quite pointless ones caught my attention.
First is a look at aircraft hacking. A really scary one, and in a ‘Die Hard 2’-like situation some pilots are put to the test:
The award for the most pointless of the bunch goes to this gem. Someone really must have had too much time on their hands:
My favourite, though, is another of those deep dives into the hardware. Maybe, just maybe, we might hear from this one again in some spy class:
- “Unfixable” boot ROM security flaw in millions of Intel chips could spell “utter chaos” for DRM, file encryption, etc
The breaches and other stuff you like this week…
- Like a Virgin, hacked for the very first time… UK broadband ISP spills 900,000 punters’ records into wrong hands from insecure database
- Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef
- Delicious irony: Credit rating builder Loqbox lets customer details and card numbers slip after “sophisticated attack”
- Enable that MF-ing MFA: 1.2 million Azure Active Directory accounts compromised every month, reckons Microsoft
- It has been 15 years, and we’re still reporting homograph attacks – web domains that stealthily use non-Latin characters to appear legit
- Let’s Encrypt? Let’s revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes
- Staffer emails compromised and customer details exposed in T-Mobile US’s third security whoopsie in as many years
- Critical Netgear Bug Impacts Flagship Nighthawk Router – Dozens of routers are patched by Netgear as it snuffs out critical, high and medium severity flaws.
- Microsoft OneNote Used To Sidestep Phishing Detection – A recent phishing campaign used OneNote to distribute the Agent Tesla keylogger.
- MediaTek Bug Actively Exploited, Affects Millions of Android Devices – An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.