Posted: 18-04-16 16:20
[Security News] Weekly security newsletter 16th April 2018
Author: happy
The Register

Weekly security newsletter

16th April 2018

 

Gmail is secure. Netflix is secure. Together they're a phishing threat

Google doesn't recognise dots in email addresses, which creates an opportunity for evil

 
 

Security News

Boffins think classical crypto can outlive quantum computers

Cisco backs Isara's post-quantum PKI cert test in the hope it future-proofs TLS

Security bods liberate EITest malware slaves

Miscreants' command and control network traffic sent down sinkhole

Android apps prove a goldmine for dodgy password practices

And password crackers are getting a lot smarter

Australian Feds cuff woman who used BTC to buy drugs on dark web

'We can see you everywhere and so can our friends in the UK', says Border Force

So you’ve got a zero-day – do you sell to black, grey or white markets?

Bug bounty sales are getting very complicated, financially and morally

Router ravaging, crippling code, and why not to p*ss off IT staff

The wacky week in security

Exposed: Lazy Android mobe makers couldn't care less about security

Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is

UK health service boss in the guts of WannaCry outbreak warns of more nasty code infections

Assume we're going to get hacked next time and plan for it

Tried checking under the sofa? Indian BTC exchange Coinsecure finds itself $3.5m lighter

Outfit loses 438 bitcoin in security snafu

From Bangkok to Phuket, they cry out: Oh, Bucket! Thai mobile operator spills 46k people's data

S3 spillage spoils included driving licences and passports

Cloudflare promises to tend not two, but 65,535 ports in a storm

But no Daily Stormer please

When SecureRandom()... isn't: Javascript fingered for poking cash-spilling holes in Bitcoin wallets

If you've got an old money store, check it for hacked gaps

'Well intentioned lawmakers could stifle IoT innovation', warns bug bounty pioneer

The pushback against regulation starts here

GCHQ boss calls out Russia for 'industrial scale disinformation'

Kremlin 'blurring boundaries between criminal and state activity' – director

Using Outlook? You should probably do some patching

It's 2018 and previewing an email can flash your privates at the world

Where's my free monitoring service, One Plus? – hacked-off customers

Two months since 40k punters had payment card deets nicked

UK defines Cyber DEFCON 1, 2 and 3, though of course doesn't call it that

Brits revamp cyber alert framework

Data exfiltrators send info over PCs' power supply cables

Malware tickles unused cores to put signals in current

Boffins pull off quantum leap in true random number generation

Well, we been having some difficulty. Ziggy, he's, uh, spitting out some wild values

Rudd-y hell, dark web! Amber alert! UK Home Sec is on the war path for stealthy cyber-crims

Hashtag game over crooks question mark question mark

Great Western Railway warns of great Western password reuse: Brits told to reset logins

1,000 accounts compromised

Imagine you're having a CT scan and malware alters the radiation levels – it's doable

WannaCry was a wake-up call for healthcare, but the sector is still terribly vulnerable to attack

While Zuck squirmed, Reddit revealed it found and killed 944 Russian troll factory accounts

Posts hit hyper-partisan r/the_donald, CEO says most crimped before 2016 election

No password? No worries! Two new standards aim to make logins an API experience

WebAuthn and CTAP published this week

SAP's Business Client can own entire apps, DDOS them into dust

And that's the worst of ten patches awaiting lucky, lucky SAP admins

Want to terrify a city with an emergency broadcast? All you need is a laptop and $30

Bug allows hijack of city, army and nuclear warning systems

It's April 2018 – and Patch Tuesday shows Windows security is still foiled by fiendish fonts

Adobe's Flash also up the spout

Death in paradise: 'Cyber attack' takes out national government's IT

Half of a tiny Caribbean island, population 42,000, but still

Company insiders behind 1 in 4 data breaches – study

Ransomware, external hackers dominate 2018 probe, natch

Sorry spooks: Princeton boffins reckon they can hide DNS queries

'Oblivious DNS' decouples users from the sites they visit

You. FCC. Get out there and do something about these mystery bogus cell towers, huff bigwigs

It's the Ruskies! Or maybe the FBI! Stingray secrecy rebounds

Patch or ditch Adobe Flash: Exploit on sale, booby-trapped Office docs spotted in the wild

ThreadKit leverages flaw fixed in February

Cinema voucher-pusher tells customers: Cancel your credit cards, we've been 'attacked'

Website taken down 'for the foreseeable future'

There's security – then there's barbed wire-laced pains in the arse

How do you strike a balance with compliance and UX?
