In the Security News, Singapore passes an anti-fake news law, WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware, major security issues found in Cisco routers, and Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability!
Paulâs Stories
- Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities â Help Net Security
- Passwords Are Dead, Long Live The Password
- A flaw in Google Titan Security Keys expose users to Bluetooth Attacks
- Severe Linux kernel flaw found in RDS
- Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability | US-CERT
- More Attacks against Computer Automatic Update Systems â Schneier on Security
- Google 0Day In the Wild project tracks zero-days exploited in the Wild
Larryâs Stories
- thrangrycat, Cisco 0-day, and the first exploit named with only emoticonâŚ.
- MDS attacks, Rogue In-flight Data Load, and intel CPU hardware attacks.
- 0-day in Microsoft Remote Desktop Services, pre-authentication
- Plane radio navigation can be hacked with a $600 SDRâŚeasily thwarted, but this article puts all of the parts together.
- Googleâs BLE titan security keys are easily hijacked
- âŚand because IBM felt left 0ut RCE in WebLogic
Leeâs Stories
- Singapore passes anti-fake-news law Requires debate to be based on a foundation of truth, honor and honesty. The definitions of falsehood and public interest in the bill remain concerns. This is one to watch.
- White label GPS trackers hacked Generic GPS trackers SIM can be reset by hackers to enable and change functionality such as enabling the microphone. Security appears to be an afterthought. Also the question of why these features exist in a GPS tracker comes to mind.
- Microsoft RDP/wormhole patch Microsoft issues patch for RDP services to close RCE hole. Patch includes Windows XP update.
- WhatsApp used to distribute malware WhatsAPP on Android and iOS can be used to distribute malware. Update released 5.13 resolves the flaws.
- US House of Representatives requires Information Security trainng The US House of Representatives is just requiring itself to complete annual cyber training. In todayâs threat environment, quarterly and monthly training is more the norm, and NIST SP 800-53 already requires it for federal information system users.
- Supply Chain Security training legislated Training proposed for acquisition officials on the heals of ASUS and other similar hardware issues. Supply chain defects bypasses traditional perimeter protections, and has to apply to anyone processing your dats.
- Cisco Router bug in boot Trust Anchor While not being actively exploited, update your cisco routers NOW, check the Cisco Advisory for specific products and updates
- New Zombieland Intel Security flaw using speculative execution There are more and more flaws that exploit the speculative execution in Intel chips. They are getting media attention with sexy names and logos. Most are low-risk due to the level of direct intervention to exploit.
- Hackers add Magcart skimmer to Forbes online shopping cart Hackers insert skimmer that collected card numbers, CCV, Expiration, home addresses, etc.
Jeffâs Stories
Letâs pause to remember one of the great Cryptologic Successes of World War II
- WWII Veteran and Navajo Code Talker Fleming Begaye Sr. Dies at 97
Itâs been a banner week for vulnerability disclosuresâŚ
- Microsoft Issues Urgent Fix for Windows in First XP Patch since Wannacry Wait, what? Nobody is still using XP are they???
- Major Security Issues Found in Cisco Routers
- WhatsApp Vulnerability Exploited to Infect Phones with Israeli Spyware
- Install updates now to address a vulnerability in most Intel CPUs
Full Show Notes
Follow us on Twitter: https://www.twitter.com/securityweekly
Gloss