Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket. Source: Threadpost

It’s Not Exactly Open Season on the iOS Secure Enclave

Despite yesterday's leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data. Source: Threadpost

Threatpost News Wrap, August 18, 2017

Mike Mimoso and Tom Spring discuss this week's security news, including a discussion on recent hijacking of popular Chrome extensions and Adobe's decision to end-of-life Flash Player. Source: Threadpost

Hacker Publishes iOS Secure Enclave Firmware Decryption Key

A hacker identified only as xerub published the decryption key unlocking the iOS Secure Enclave Processor. Source: Threadpost

Cisco Patches Privilege Escalation Bugs in APIC

Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller (APIC) that could allow an attacker to elevate privileges on the host machine. Source: Threadpost

Drupal Patches Critical Access Bypass in Core Engine

A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities. Source: Threadpost

Rowhammer Attacks Come to MLC NAND Flash Memory

IBM researchers have demonstrated a filesystem-level version of the Rowhammer attack against MLC NAND flash memory. Source: Threadpost

Booking a Taxi for Faketoken

The Trojan-Banker.AndroidOS.Faketoken malware has been known about for already more than a year. Throughout the time of its existence, it has worked its way up from a primitive Trojan intercepting mTAN...

Locky Ransomware Variant Slips Past Some Defenses

Ransomware called IKARUSdilapidated is managing to slip into unsuspecting organizations as an unknown file. Source: Threadpost

Flash’s Final Countdown Has Begun

The impending demise of Adobe Flash will create legacy challenges similar to Windows XP as companies begin to wean themselves off the vulnerable code base. Source: Threadpost