ionCube24

ioncube24

Weekly Cyber Security News 24/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. An article that prompts many questions regarding use of PII in a passive way, misses one obvious question: Why was Wi-Fi enabled on 5.9 million devices while in transit? When you next get a moment, just check what, and why you need Wi-Fi and other communications features enabled all the time.

ioncube24

Weekly Cyber Security News 10/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. After last week’s news about a part of Docker Hub being exposed, things have got just a little bit worse. One of the most popular images has a root account vulnerability. Now, with someone knowing what people have, and that there is a potential hole, a target list becomes massively reduced…

ioncube24

Weekly Cyber Security News 03/05/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Over the last few weeks there has been a number of notable code repository poisonings which quite rightly caused alarm at the possible downstream risk. This week though, a mother lode has been struck; Docker Hub. Being home to images for many core systems, and also providing keys to critical parts of the build system, this is highly shocking.

ioncube24

Weekly Cyber Security News 26/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Should we be surprised that there are weaknesses in a car app that lets you locate and remotely control them? We’ve been here before – too many times before. Again, possibly bad management, specification and design failures all round, and no one seems to learn.

ioncube24

Weekly Cyber Security News 19/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. While not as main stream as Skype, Matrix has certainly gained a good following (one I’ve been personally watching for a few years myself). The announcement of a major breach via vulnerabilities in it’s Jenkins CI system do highlight that any door in will be taken and used to pivot into where the jewels really are.

ioncube24

Weekly Cyber Security News 05/04/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. It’s been a while since we had reports of a Node.Js module repo tainting, this time though, it appears that its Ruby’s turn to suffer along with Google scoring an own goal. Trust in the code library supply chain shows once again that mistakes can have a wide ranging impact. I don’t have any solutions. Does anyone?

ioncube24

Weekly Cyber Security News 15/03/2019

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Biometrics again. Here’s the thing, you get the consumer all fired up and (as the article says) actually put in some good kit saying this is reliable, and then further down the line substitute it for something that is not so great; will the consumer be aware of the down grade? Most likely not. As with all authentications, biometrics included, don’t rely on just one key…