Security

Two months after Docker brings in new faces to lead security efforts, a new benchmark for securing Docker container deployments debuts.

In March of this year, Nathan McCauley and Diogo Monica joined Docker Inc. to lead security efforts for the container virtualization vendor. Now, just over two months later, the first fruits of McCauley and Monica's efforts are becoming apparent with a new Center for Internet Security benchmark report for the Docker Engine 1.6.

Cisco has patched a remote code execution bug that could give attackers root privileges on its Unified Computing System (UCS) Central software used by more than 30,00 organisations.

The UCS data centre server platform joins hardware, virtualisation, networking and software into one system. Versions 1.2 and below are affected.

The Borg says the vulnerability (CVE-2015-0701) rates the maximum 10 severity rating due to its low exploitation requirements and "complete" impact to confidentiality, integrity and availability.

WordPress users: Now would be an excellent time to make sure your system is up to date.

The content management system rolled out an update Thursday that addressed a security flaw that affected millions of websites. The vulnerability, first spotted by security researchers at Sucuri, leaves affected websites susceptible to an attack that could allow others to take control of the sites.

A vulnerability within two widely used WordPress plugins is already being exploited by hackers, putting millions of WordPress sites at risk, according to a computer security firm.

The plugins are JetPack, a customization and performance tool, and Twenty Fifteen, used for infinite scrolling, wrote David Dede, a malware researcher with Sucuri. WordPress installs Twenty Fifteen by default, which increases the number of vulnerable sites.

The City of London Police, working with detectives from the Police Intellectual Property Crime Unit (PIPCU), have busted a Hertfordshire crime ring suspected of importing, exporting and selling counterfeit Cisco hardware.

The force swooped on two men, aged 36 and 35, at their homes in Sawbridgeworth and Birchanger, and a third man, aged 38, at his place of work in nearby Bishops Stortford, on 29 April.

The trio were suspected of having shifted in excess of $10m (£6.56m) worth of fake networking equipment through a company website and telesales operation.

Hackers will put Internet-connected embedded devices to the test at the DefCon 23 security conference in August. Judging by the results of previous Internet-of-Things security reviews, prepare for flaws galore.

This year, DefCon, the largest hacker convention in the U.S., will host a so-called IoT Village, a special place to discuss, build and break Internet-of-Things devices.

Transport service company Uber has had its fair share of problems through the years, but lately instances of hacked accounts and fraudulently booked trips seem to have increased, fueling speculations that the company has suffered a data breach.

Alan White has a good collection of recent Twitter complaints about hacked accounts, changed emails and phone numbers, and fraudulent trips charged to the legitimate user's payment card.

Users of Apple's healthcare data app platform - intended to allow developers access to healthcare info collected via its wristy watch gizmo - could be left wide open to security exploits, infosec bods have warned.

The ResearchKit and HealthKit platform is intended to allow health researchers to aggregate information collected from iOS users who opt-in to contribute their personal medical data.

Lenovo has issued a patch for a flaw in its computers, which researchers say could allow hackers to replace trusted apps with malicious versions.

Security researchers at IOActive said in an advisory detailing three separate vulnerabilities that hackers could bypass checks to ensure the integrity of apps, allowing them to run malware on an affected Lenovo machine.

With roughly 50 million lines of code, Windows is bound to have some bugs, and some of those bugs are bound to affect security. When flaws are found, Microsoft issues patches as fast as possible, but those patches do no good if you fail to apply them. Even if you're diligent, Patch Tuesday comes just once a month, so a vulnerability discovered the day after Patch Tuesday won't be patched until the next Patch Tuesday rolls around.