A week in security (May 3 – 9)

A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step verification, and how millions are put at risk by old, out of date routers.

Other cybersecurity news:

  • Cisco HyperFlex web interface has a critical flaw. (Source: The Register)
  • NSA advised to strengthen the security of operational technology (OT). (Source: Tripwire)
  • Tesla automobiles vulnerable to compromise over WiFi. (Source: Kunnamon)
  • Fix for critical Qualcomm chip flaw is making its way to Android devices. (Source: ArsTechnica)
  • Multiple critical vulnerabilities in Exim Mail Server dubbed 21Nails. (Source: Qualys)
  • Domain hijacking via logic error; Gandi and Route 53 vulnerability. (Source: Cyberis)
  • Tour de Peloton: Exposed user data. (Source: PenTestPartners)
  • Apple fixes 2 iOS zero-day vulnerabilities actively used in the wild. (Source: BleepingComputer)
  • Google and Mozilla will bake HTML sanitization into their browsers. (Source: The Daily Swig)
  • tsuNAME, a vulnerability that can be used to DDoS DNS. (Source: tsuname.io)

Stay safe, everyone!