A week in security (May 3 – 9)

Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instragram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step verification, and how millions are put at risk by old, out of date routers.

Other cybersecurity news:

• Cisco HyperFlex web interface has a critical flaw. (Source: The Register)
• NSA advised to strengthen the security of operational technology (OT). (Source: Tripwire)
• Tesla automobiles vulnerable to compromise over WiFi. (Source: Kunnamon)
• Fix for critical Qualcomm chip flaw is making its way to Android devices. (Source: ArsTechnica)
• Multiple critical vulnerabilities in Exim Mail Server dubbed 21Nails. (Source: Qualys)
• Domain hijacking via logic error; Gandi and Route 53 vulnerability. (Source: Cyberis)
• Tour de Peloton: Exposed user data. (Source: PenTestPartners)
• Apple fixes 2 iOS zero-day vulnerabilities actively used in the wild. (Source: BleepingComputer)
• Google and Mozilla will bake HTML sanitization into their browsers. (Source: The Daily Swig)
• tsuNAME, a vulnerability that can be used to DDoS DNS. (Source: tsuname.io)

Stay safe, everyone!

The post A week in security (May 3 – 9) appeared first on Malwarebytes Labs.