This week in Security Week 20

UK Police Protect Identity of Lambs

Ewe wouldn’t believe what I read this week: West Midlands Police in the UK are protecting the identity of lambs by blurring photos of their faces. Shaun the Sheep on the television will be next.
Read more here

Twitter Analytics

Twitter, to avoid getting a reputation for supplying information to intelligence agencies, has banned Dataminr, a company that performs analytics on Twitter’s feed, from giving US intelligence access to the data.
Read more here

SQL Injection in State Election

In Lee County, Florida, a man hacked into the election office computers. At first it was just curiosity to see if he could do SQL injection, but it got out of hand when he downloaded voter data.
Read more here

Firefox 47 Plugins

Mozilla is to end whitelisting of plugins, meaning it will now be necessary for users to actively enable the plugins they are using.
Read more here

Pornhub Bug Bounty where Size Matters

Pornhub is offering bounties of between 50 and 25,000 USD for bugs found by ethical hackers on the HackerOne platform, but only issues with their main site are eligible at this time.
Read more here

Google Chrome 50 Patches

Google have patched 5 vulnerabilities in this release, of which 3 were high severity. Two of the severe issues were origin bypass flaws and the other was a buffer overflow flaw. All were discovered by external participants in the bug bounty program.
Read more here

Gesture Based Screen Security

Robots are being employed to see just how safe gesture-based phone locks really are once you take into consideration statistical attacks and attacks tailored to the user. These showed significant increases in the mean false acceptance rate as opposed to a zero-effort impostor attack.
Read more here

UAE Data Leak

A file from InvestBank in the United Arab Emirates has been leaked on the web containing 10GB of customer, account and credit card data, including expiry dates. On the plus side, at least password information was encrypted.
Read more here

Windows Zero-Day Used in Financial Attacks

A Windows vulnerability that allows privilege escalation has been used to attack companies in the following sectors: retailers, hospitality and restaurateurs.
Read more here

Lauri Love

British law enforcement were refused access to passwords by a judge, who said that they had used the wrong channels to go about proceedings; it should not have been a civil proceeding.
Read more here

Wifi Vulnerability on Android

A wifi privilege escalation vulnerability on Android and other products allows attackers to create a Denial of Service attack on the devices.
Read more here

IBM Watson vs Cybercrime

IBM is developing a cloud-based solution using Watson to block viruses, ransomware and DDoS attacks. They will be working with universities to train Watson using annotated security data.
Read more here

Microsoft JScript and VBScript Bulletins

Microsoft have released patches for both JScript and VBScript. These fix vulnerabilities that would allow the execution of arbitrary code when visiting an attacker’s website.
Read more here

Locky Server Breached

Locky’s command and control server was breached by someone on the 5th, who changed the payload of the trojan so that it contained a file saying “Stupid Locky…”. Give a medal to that ethical hacker.
Read more here
