A selection of this week’s more interesting vulnerability disclosures and cyber security news. We all know its great adding cool features to stuff, but what’s not great if its not thought through well enough so as to be a potential issue down the line. Looks like we have a bad idea which in retrospect is potentially out to get us…

We see exposure of S3 and MongoDB on a regular basis, and I seem to remember a number of times pointing out that if something could be public and you don’t want it to be, check it out. Well… It appears someone made a boo-boo and set something public which I suspect should really have been private. I’m pretty sure other such services will be coming out as researchers (and villains) scour for similar issues across a whole set of likely SaaS solutions:

Can’t let the week go by without the usual IoT hit, though to be honest, its not really a fault of IoT directly, just a protocol which shouldn’t really be exposed. Then again, where have we heard that before? Oh, the last paragraph right…

 

In other news:

Weekly Cyber Security News 24/08/2018
twitterlinkedinmail