eFail: PGP and S/MIME vulnerabilities. XSS vulnerability found and patched in Signal. 18th May 2018

News

Vacation still going :-)

Just like last week I'm still on vacation, so minimal mode it is. I selected the stories that jumped out to me, but without summarising or heavy filtering. Enjoy!

Researchers warn PGP and S/MIME users of serious vulnerabilities

There's a lot of uproar on the news itself, how it was disclosed and how valid the vulnerabilities are. I can't dig into all of it (vacation mode), but this article seems a good overview. This blogpost from Protonmail counters a lot of the hype as well.

Security flaw impacts Electron-based apps (Slack, Atom, Discord, ..)

Serious XSS vulnerability discovered in Signal

Mexico's banking system sees $18M siphoned off in phantom transactions

Cardbreach announced at Chili’s restaurant chain

Kaspersky to move data of most users from Russia to Switzerland

Update all the things \o/

Hardcoded passwords found in Cisco enterprise software, again: link
Adobe doles out second round of of higher priority patches: link

Attackers use UPnP to sidestep DDoS defenses

IBM employees banned from using portable storage devices

Shadowy hackers accidentally reveal two zero-days to security researchers

iOS 11.4 to disable usb port after 7 days: what it means for mobile forensics

Sponsorships

The (easy) road to GDPR compliance

GDPR is coming, are you ready? If not, don't worry. Read this easy to follow whitepaper that gives practical advise on what businesses have to do to get started and become GDPR compliant.

Remote lock & wipe your company's devices

Fleetsmith just released a new feature that allows you to remote lock and wipe your employee's devices if they get lost or stolen. They also let you manage your first 10 devices free, integrates fully with G Suite, and is used by yours truly every day.