Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ionCube24

Weekly Cyber Security News 14/06/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Privacy is understandably a concern for all, and for those that are not that bothered and opt-in to give it away, I’m sure they assume it is for monitoring of their activities online. However, in this enterprising case, it appears to go beyond the virtual to physical and not where you would suspect…

Weekly Cyber Security News 24/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An article that prompts many questions regarding use of PII in a passive way, misses one obvious question: Why was Wi-Fi enabled on 5.9 million devices while in transit? When you next get a moment, just check what, and why you need Wi-Fi and other communications features enabled all the time.

Weekly Cyber Security News 10/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. After last week’s news about a part of Docker Hub being exposed, things have got just a little bit worse. One of the most popular images has a root account vulnerability. Now, with someone knowing what people have, and that there is a potential hole, a target list becomes massively reduced…

Weekly Cyber Security News 03/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.

Weekly Cyber Security News 26/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Should we be surprised that there are weaknesses in a car app that lets you locate and remotely control them? We’ve been here before – too many times before. Again, possibly bad management, specification and design failures all round, and no one seems to learn.

Weekly Cyber Security News 19/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.

Weekly Cyber Security News 05/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. It’s been a while since we had reports of a Node.Js module repo tainting, this time though, it appears that its Ruby’s turn to suffer along with Google scoring an own goal. Trust in the code library supply chain shows once again that mistakes can have a wide ranging impact. I don’t have any solutions. Does anyone?