A selection of this week’s more interesting vulnerability disclosures and cyber security news.
Perhaps one of the most important, and possibly least noticed, items of the week is the dropping of QuickTime. I bet many of you have this plug-in installed in your browser, but when was the last time you actively used it? With known vulnerabilities, a simple trick that activates it as you browse could prove fatal. As with all browser plug-ins, it's good to disable automatic activation or, better still, remove plug-ins that are out of date. You just never know!
- The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete…
- 0-day exploits more than double as attackers prevail in security arms race (ArsTechnica)
- Another IBM Java Patch Bypassed by Researchers
- Apple stops patching QuickTime for Windows despite 2 active vulnerabilities (ArsTechnica)
- Badlock, the publicity hungry security bug, is finally patched (ZDNet)
- Bugtraq: OpenCart json_decode function Remote PHP Code Execution
- Cyberattackers botch integration of Adobe Flash zero-day vulnerability in exploit kits (ZDNet)
- Google Patches Serious Account Recovery Vulnerabilities (SecurityWeek)
- Guess what? URL shorteners short-circuit cloud security (ArsTechnica)
- Symantec cloud portal goes titsup (The Register)
- Tool Released to Decrypt Petya Ransomware Infected Disks (Mon, Apr 11th)
- What’s this about Canada reading your BlackBerry texts? (The Register)
- Apple iPad owners told to upgrade iOS or risk Wi-Fi attack cooking their battery (ZDNet)
Weekly Cyber Security News 15/04/2016