WordPress 4.9.2 security release & YITH Wishlist vulnerability

wordpress

On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no …

Read moreWordPress 4.9.2 security release & YITH Wishlist vulnerability

ICO fines Carphone Warehouse £400k

Regulation

Carphone Warehouse have been issued with one of the largest fines by the Information Commissioner’s Office after customer and employee data was compromised after a cyber-attack in 2015. The ICO cite “multiple inadequacies in Carphone Warehouse’s approach to data security and determined that the company had failed to take adequate steps to protect the personal …

Read moreICO fines Carphone Warehouse £400k

Meltdown and Spectre chip vulnerability

privacy regulations

There’s been a lot of coverage of the recently announced chipset vulnerability that’s been found in major suppliers of computer chips (e.g. Intel, AMD). The vulnerability, if exploited, could allow hackers to access areas of, otherwise normally, inaccessible memory which may be used for storing sensitive data, passwords, encryption keys, etc. There’s been a lot …

Read moreMeltdown and Spectre chip vulnerability