A selection of this week’s more interesting vulnerability disclosures and cyber security news. An bumper crop this week of news items of note, had to seriously prune them down to a manageable number which is a shame.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. After last week’s news about a part of Docker Hub being exposed, things have got just a little bit worse. One of the most popular images has a root account vulnerability. Now, with someone knowing what people have, and that there is a potential hole, a target list becomes massively reduced…
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Should we be surprised that there are weaknesses in a car app that lets you locate and remotely control them? We’ve been here before – too many times before. Again, possibly bad management, specification and design failures all round, and no one seems to learn.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. It’s been a while since we had reports of a Node.Js module repo tainting, this time though, it appears that its Ruby’s turn to suffer along with Google scoring an own goal. Trust in the code library supply chain shows once again that mistakes can have a wide ranging impact. I don’t have any solutions. Does anyone?
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Some big news items this week, namely further details on the ransomware campaign claiming Norsk last week spreading to other targets. One bit of good news is that there appears to be a flaw in the code and a simple Windows Shortcut can stop it from working.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. A news busy week this has been, from a catastrophic malware hit against an global manufacturer to startling breaches from the usual players. Which to pick out then? OK, a wonderful article by Krebs that caught my attention today.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. Biometrics again. Here’s the thing, you get the consumer all fired up and (as the article says) actually put in some good kit saying this is reliable, and then further down the line substitute it for something that is not so great; will the consumer be aware of the down grade? Most likely not. As with all authentications, biometrics included, don’t rely on just one key…
A selection of this week’s more interesting vulnerability disclosures and cyber security news. In the new GDPR age we are in, exploration of data at rest has been high on the agenda for many, and this item perked my interest – and some concern. Well worth a read.
