This Week in Security: Lamb Identity Protection, Watson vs. Cybercrime, and Risque Bug Bounties


Read news from this week about data breaches, vulnerabilities, and new findings in security.


UK Police Protect Identity of Lambs

Ewe wouldn’t believe what I read this week: West Midlands Police in the UK are protecting the identity of lambs by blurring photos of their faces. Shaun the Sheep on the television will be next.

Read more here

Twitter Analytics

To avoid getting a reputation for supplying information to intelligence agencies, Twitter has banned Dataminr, a company that performs analytics on Twitter’s feed, from giving US intelligence access to the data.

Read more here

SQL Injection in State Election

In Lee County, Florida, a man hacked into the election office computers; at first it was just out of curiosity to see if he could do SQL Injection, but it got out of hand when he downloaded voter data.

Read more here

Firefox 47 Plugins

Mozilla is to end whitelisting of plugins, meaning it will now be necessary for users to actively enable the plugins they are using.

Read more here

Pornhub Bug Bounty Where Size Matters

Pornhub is offering bounties for bugs found by ethical hackers of between 50 and 25,000 USD on the HackerOne platform, but only issues with their main site are eligible at this time.

Read more here

Google Chrome 50 Patches

Google have patched 5 vulnerabilities in this release, of which 3 were high severity. Two of the severe issues were origin bypass flaws and the other was a buffer overflow flaw. All were discovered by external researchers participating in the bug bounty program.

Read more here

Gesture-Based Screen Security

Robots are being employed to see just how safe gesture-based phone locks really are once you take into consideration statistical attacks and attacks tailored to the user. These attacks showed significant increases in the mean false acceptance rate compared with a zero-effort impostor attack.

Read more here

UAE Data Leak

A file from InvestBank in the United Arab Emirates has been leaked on the web containing 10GB of customer, account, and credit card data including expiry dates. On the plus side, at least password information was encrypted.

Read more here

Windows Zero-Day Used in Financial Attacks

A Windows vulnerability that allows privilege escalation was used to attack companies in the following sectors: retailers, hospitality, and restaurateurs.

Read more here

Lauri Love

British law enforcement were refused access to passwords by a judge, who said that they used the wrong channels to go about proceedings: it should not have been a civil proceeding.

Read more here

Wi-Fi Vulnerability on Android

A Wi-Fi privilege escalation vulnerability on Android and other products allows attackers to create a denial-of-service attack on the devices.

Read more here

IBM Watson vs. Cybercrime

IBM is developing a cloud-based solution using Watson to block viruses, ransomware, and DDoS attacks. They will be working with universities to train Watson using annotated security data.

Read more here

Microsoft JScript and VBScript Bulletins

Microsoft has released patches for both JScript and VBScript; these fix vulnerabilities that would allow the execution of arbitrary code when visiting an attacker's website.

Read more here

Locky Server Breached

Locky's Command and Control server was breached by someone on the 5th who changed the payload of the trojan so that it contained a file saying “Stupid Locky…”. Give a medal to that ethical hacker.

Read more here


Opinions expressed by DZone contributors are their own.
