A couple of new stories are currently evolving, including an easy-to-exploit flaw in the Linux kernel rated ‘high risk’ (CVE-2017-1000253) and the (for now) more theoretical CLKSCREW attack, which can hack modern chipsets via their power management features.
ICANN delays KSK Rollover over fears 60 million people would be kicked offline.
If you are looking for longer reading to keep you company this weekend, you are in luck: the McAfee Labs Report sees cyberattacks target healthcare and social media users, Accenture reports the global cost of cybercrime soars 23% in a year, and Europol published its Internet Organised Crime Threat Assessment.
Notable CVEs this week
CVE-2017-14867 – git: cvsserver command injection – CVSS3 Base Score 7.8
CVE-2017-1000253 – kernel: load_elf_binary() – CVSS3 Base Score 7.8
CVE-2017-7805 – nss: Potential use-after-free in TLS 1.2 server – CVSS3 Base Score 7.5
Top 5 Security Links
Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Patch alert! Easy-to-exploit flaw in Linux kernel rated ‘high risk’
CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features
Internet-wide security update put on hold over fears 60 million people would be kicked offline