From Security Weekly Wiki
  1. Cisco addressed critical flaws in Cisco Data Center Network Manager - “The vulnerability is due to improper session management on affected DCNM software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device.” So, this describes just about every vulnerability from Cisco in the past 10 years. The development process, and specifically the QA and testing process, is broken. By now, with the resources available to Cisco, you should have developed code that can find these coding mistakes and fix them.
  2. Huawei security: Half its kit has 'at least one potential backdoor' | ZDNet - Researchers from IoT security firm Finite State have given a scathing assessment of the state of security in Huawei's networking device firmware, arguing "there is substantial evidence that zero-day vulnerabilities based on memory corruptions are abundant in Huawei firmware". "In summary, if you include known, remote-access vulnerabilities along with possible backdoors, Huawei devices appear to be at high risk of potential compromise," the firm wrote in a new report. Yeah, but vulnerabilities are not backdoors. Backdoors are put there on purpose; how would you know whether a vulnerability was there on purpose? I guess it depends on who exploits it, but attribution is hard.
  3. The fake French minister in a silicone mask who stole millions
  4. YouTube's antics with kids' data prompt call for FTC to force change - For years, Google has abdicated its responsibility to kids and families by disingenuously claiming YouTube – a site rife with popular cartoons, nursery rhymes, and toy ads – is not for children under 13. Google profits immensely by delivering ads to kids and must comply with COPPA. It’s time for the FTC to hold Google accountable for its illegal data collection and advertising practices. Interesting: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
  5. Google Makes DNS Over HTTPS Generally Available | SecurityWeek.Com
  6. Thousands of IoT Devices Bricked By Silex Malware
  7. Secrets Management Stinks, Use Some SOPS!
  8. How Hackers Infiltrate Open Source Projects
  9. 2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz? - Look, don't knock Microsoft for making a pivot, they are good people who have transformed the company. Let's face it, Microsoft embracing Linux is good for everyone, except Apple.
  10. Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank
  11. Former Equifax CIO Sentenced to Prison for Insider Trading
  12. Caught in the Web of Shells?
  13. Publish WordPress Post with Python Requests and REST API
  14. Docker containers are filled with vulnerabilities: Here's how the top 1,000 fared
  15. Ransomware Recovery Firm Caught Wanting to Pay Off Hacker
  16. Tales From the SOC: Healthcare Edition | SecurityWeek.Com
  17. Mission Possible: ICS Attacks On Buildings Are a Reality | SecurityWeek.Com
  18. Open-heart nerdery: Boffins suggest identifying and logging in people using ECGs - My heart beats for... my computers: This is according to a study (PDF) emitted this month by a trans-Atlantic pair of brains at UC Berkeley in the US and the University of Edinburgh in Scotland, who reckon electrocardiogram results are easy enough to measure, and vary enough from person to person, that a reliable authentication system could be built from consumer hardware.