A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24
Lots of patching ahead for some folks….
- Critical Zoho Zero-Day Flaw Disclosed – A Zoho zero day vulnerability and proof of concept (PoC) exploit code was disclosed on Twitter.
Then again, for some, no patching for the UK court system it appears. When we all though Windows XP was gone and were almost rid of Windows 7, look what shows up:
Breach and attack galore to follow:
- Firefox Bug Opens iPhone AirPods to Third-Party Snooping – Mozilla Foundation snuffs out bugs with the introduction of Firefox 74 and ESR 68.6.
- Flaws Riddle Zyxel’s Network Management Software – Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
- FYI: When Virgin Media said it leaked “limited contact info”, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more
- More Than Half of IoT Devices Vulnerable to Severe Attacks – A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
- Phishing Attack Skirts Detection With YouTube – Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.
- Spyware maker NSO runs scared from Facebook over WhatsApp hacking charges, fails to show up in court
- Months-long trial of alleged CIA Vault 7 exploit leaker ends with hung jury: Ex-sysadmin guilty of contempt, lying to FBI
- That LVI CPU hole wasn’t the only Intel fix: Dozens of flaws patched to stop chips turning into potatoes