In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules (and avoid being brutally fined if they fail). One of the things that the regulation mandates is that EU citizens must be able to get access to their personal data held by companies and information about how these personal data are being...
Read More
Description: Mozilla! has released security updates to address multiple vulnerabilities for the following software : Firefox ESR 52.6 Firefox 58 Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
Description: Apple has released security updates to address vulnerabilities in multiple products. The following is titled under this update : Safari 11.0.3 watchOS 4.2.2 iOS 11.2.5 macOS High Sierra 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan tvOS 11.2.5 Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory...
Read More
Cybercrime takes on many forms, but one of the long-standing tactics attackers use is web defacement—the act of compromising and vandalizing a website. Typically, these attackers—known as web defacers—replace the original page with their own content, boldly stating a political or social message. This is not a new phenomenon, but it is an enduring one. We’ve analyzed data that goes back almost two decades, and...
Read More
Last year, multiple industry verticals saw the extreme effects of ransomware, with WannaCry and Petya leading the pack in terms of damage. To make matters worse, according to a report by Kaspersky, the number of ransomware threats is expected to increase in 2018. The evolution of ransomware, resulting in more diverse and innovative attacks, is going to heavily hit enterprises in 2018. In my previous articles, I explained how ransomware has evolved...
Read More
The SamSam ransomware group seems to have gotten to a “great” start in 2018, hitting several high-profile targets such as hospitals, a city council, and an ICS firm. Reported attacks include the one against the Hancock Health Hospital in of Greenfield, Indiana; Adams Memorial Hospital in Decatur, Indiana; the municipality of Farmington, New Mexico; cloud-based EHR (electronic health records) provider Allscripts; and an unnamed ICS (Industrial Control Systems) company in the...
Read More
Security experts are warning of a new Mirai variant targeting ARC processors, which could have an even bigger impact than the notorious malware on which it is based. RISC-based ARC processors are widely used in IoT and embedded systems and said to beshipped in over 1.5 billion products each year. The new threat — named Okiru, which is Japanese for “wake up” — was first spotted...
Read More
Still using BitTorrent to exclusively download legally acquired content like operating system images or files you want to share privately with friends? If so, you might want to double-check your security settings to protect yourself from what researchers at Google’s Project Zero are calling a “low complexity hack” affecting Transmission and other popular BitTorrent clients. The flaw could leave your computer vulnerable to control by malicious hackers, but you can...
Read More
A group of Princeton and Purdue researchers has shown that it’s possible to mount a denial-of-service (DoS) attack against hard disk drives via acoustic signals. Threat severity Hard disk drives (HDDs) have become the most commonly-used type of non-volatile storage due to their increased reliability, fault tolerance, storage capacity, and so on. “These technological advances in HDDs, along with the ever-increasing need for storing the...
Read More
OnePlus has confirmed that its systems have been breached, following reports of credit card fraud from customers who bought a phone from the company. The phone maker sent an email to customers Friday, saying customers’ credit card numbers, expiry dates, and security codes “may have been compromised.” The email, posted by Peter Smallbone on Twitter, said: “As soon as we were made aware of the attack, we...
Read More
