Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

A Cautionary Tale of IoT Security

Imagine this… you walk into work; you are the supervisor of an automated automotive production line for one of the largest global car manufacturers. Everyone from the last shift is still there. They are not packing up to go home; in fact, they are panicking. The production line has shut down, nothing is working, and computer screens along the production line display a ransom demand.

Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

This is a work-in-progress blog post. It will be updated when more information is available. For more detailed information about the vulnerability, see the "How the Critical OpenSSL Vulnerability may affect Popular Container Images" blog post. A critical vulnerability in the OpenSSL project, expected to carry a high or critical CVSS severity rating, is about to be announced on November 1st. There are still no details besides an announcement on the OpenSSL mailing list on October 25th.

Why India Needs Digital Identity Verification Solutions - eKYC Verification

In February 2021, the Reserve Bank of India published a paper detailing Digital Payment Security Controls (DPSC). The paper was developed to aid Indian financial organisations in protecting digital channels and offering commodities to clients with Identity Verification solutions. Global financial services corporations are caught between the government and clients.

Automotive Software - ISO 21434 Compliance Simplified

The modern vehicle comes equipped with a variety of software systems. Features that connect it to the outside world, such as online updates, fleet management and communication between vehicles, in particular offer an attack surface. The security of automotive software is crucial, not only because bug-induced recalls are costly, but also because the well-being of passengers depends on it.

Rise of AI-Generated, Fake LinkedIn Profiles Raises Social Engineering Challenges

The nature of LinkedIn’s professional environment facilitates communication among individuals from various backgrounds across industries. However, threat actors have been known to exploit the business networking platform for malicious aims, including intelligence gathering, identity theft and spear phishing. A number of fake profiles identified on the site have been observed targeting individuals in diverse sectors, particularly those with roles in government, cyber security and education.

Weekly Cyber Security News 28/10/2022

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. Ah ha! Something new to combat a valid issue I’m sure many of us who have left a phone at a repair shop had fears over… Will our data on the device be abused? Looks like Samsung has a solution in part.

What is a dictionary attack, and how do you protect yourself from it?

Have you ever heard the cybersecurity term “dictionary attack”, and wondered what it means? You’re not alone. Here, we’ll break down what a dictionary attack is, and explain what steps you should take to protect yourself from this threat.

Avoid anaphylactic shock by auditing dependencies in software due diligence

Say you are allergic to peanuts. While out to dinner, you order a plate of spaghetti with meatballs. The server lets you know that there are no peanuts in the spaghetti with meatballs. Unfortunately, the server has no knowledge that the onions within the meatballs were fried in peanut oil. The indirect dependency on the peanut oil that was included in the meatballs by way of the fried onions left you vulnerable to an attack.