We are heading into an era which embraces the Internet of Things (IoT), artificial Intelligence (AI), and machine learning (MI) that have immensely overturned the tech world. With particular reference to IoT, it has profoundly impacted global commerce and lifestyle. If this existing pace remains consistent, then it wouldn’t be onerous to predict the trends that we might witness in the upcoming year. According to the predictions by Forecast, IoT is just...
Read More
The development team of phpMyAdmin has fixed a CSRF vulnerability in phpMyAdmin that could be exploited by attackers for removing items from shopping cart. Researcher Ashutosh Barot has discovered a critical CSRF vulnerability in phpMyAdmin that could be exploited by attackers to perform malicious operations like drop tables and delete records. phpMyAdmin developers released the version 4.7.7 that addresses the CSRF vulnerability found by Barot. “By deceiving a user to click on...
Read More
The popularity of passwords as a means of authentication is still not waning, so advice on how to opt for passwords that are hard to guess and crack is always timely. Choosing passwords For one, avoid the most often used passwords. SplashData’s most recent list of the top 100 worst passwords (of the past year) contains many of the usual suspects (“123456”, “password”, and “qwerty”), but also...
Read More
The Mirai botnet is kind of like Madonna. They both were huge once, and then the adoring public shifted their attention to younger, newer acts but they keep on performing anyway. We wrote about Mirai extensively after we predicted its construction in our first IoT report, DDoS’s Newest Minions: IoT Devices in 2016. Mirai has been in the news again recently. In December, Brian Krebs reported1 that two men had...
Read More
An analysis of how unprepared businesses are to fight back against the continued problem of ransomware is featured in the latest edition of the ISMG Security Report. Ed Amoroso, CEO of TAG Cyber and former CISO at AT&T, predicts ransomware attacks will be even more widespread and devastating in 2018, and that without the proper tools, businesses will scramble to recover. In the Security Report...
Read More
Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address an important out-of-bounds read vulnerability that could lead to information exposure. Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Description: Microsoft has released updates to address vulnerabilities in Microsoft software. The January security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and Web Apps SQL Server ChakraCore .NET Framework .NET Core ASP.NET Core Adobe Flash Impact: A remote attacker could exploit some of these vulnerabilities to take control of an affected...
Read More
Security researchers have uncovered a sophisticated phishing campaign targeting organizations involved in the Pyeongchang Olympics with a weaponized Word doc, and using a range of obfuscation techniques to fly under the radar. The malicious document is written in fluent Korean and named “Organized by Ministry of Agriculture and Forestry and Pyeongchang Winter Olympics”, according to McAfee. It was aimed at a number of organizations providing...
Read More
A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. James Bercegay, a security researcher with GulfTech Research and Development, discovered and reported these flaws to Western Digital in June...
Read More
Organizations are scrambling to put in place fixes for the Meltdown and Spectre flaws as makers of operating systems, cloud services, mobile devices and more start to release patches. Meltdown and Spectre are flaws in many microprocessors that attackers could use to steal kernel data, including passwords and encryption keys. Security experts say all organizations should put mitigations in place as soon as possible, preferably starting...
Read More
