A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. With all the wild stuff going on right now, and I don’t know if it’s cabin fever causing regression, but I seem to home in on some almost retro items of news this week.
The first, not so much that they were hit by a card skimmer, more that I didn’t realise they were still with us. I thought that had gone with the demise of the 1980’s:
Another that has mystified me for well over 20 years is still doing the rounds. This one is more of a hoax with no particular objective it seems but to cause some panic. It usually goes along the same pattern which makes it even more amazing people still continue to accept it – Some email (back in the day), or message containing some keyword, which when opened will wipe your device. Its then usually backed up with some media outlet making the claims but with no actual reference of the report. Bizarre…. Why do such hoaxes continue to circulate?
Now this final one is a little more concerning. Its quite obviously a targeted social attack using a method that has been hypothesised for some time:
More madness for you….
- AMD dials 911, emits DMCA takedowns after miscreant steals a load of GPU hardware blueprints, leaks on GitHub
- As Zoom Booms Incidents of ‘ZoomBombing’ Become a Growing Nuisance – Numerous instances of online conferences being disrupted by pornographic images, hate speech or even threats can be mitigated using some platform tools.
- It’s 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
- Memcached has a crash-me bug, but hey, only about 83,000 public-facing servers appears to be running it
- Bored during lockdown? Why not try out these data-spilling Kr??k Wi-Fi bug exploits against your nearby devices
- Apache Tomcat Exploit Poised to Pounce, Stealing Files – Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers.