Spam campaigns delivering Zyklon HTTP malware are attempting to exploit three relatively new Microsoft Office vulnerabilities. The attacks are targeting telecommunications, insurance and financial service firms. According to FireEye researchers who identified the campaigns, attackers are attempting to harvest passwords and cryptocurrency wallet data along with recruiting targeted systems for possible future distributed denial of […]
Cloudflare Launches Remote Access to Replace Corporate VPNs
January 22, 2018
Mobile and cloud computing have challenged the concept of perimeter security. There is no longer an easily definable perimeter to defend. VPNs are a traditional, but not ideal solution. Neither approach addresses the attacker who gets through the perimeter or into the VPN. Google long ago recognized the problems and introduced BeyondCorp as an alternative […]
Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post. “We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” said Navin […]
APPLE PREPS CHAIOS IMESSAGE BUG FIX FOR NEXT WEEK
January 20, 2018
The update will address a flaw software developer Abraham Masri publicly identified in a tweet earlier this week, according to multiple published reports. The flaw causes the iMessage app on iOS devices to freeze, crash or restart. Macs are also affected. A macOS High Sierra 10.13.3 update is expected later this month to fix the […]
Google Drive Exploited to Download Malware Directly from URL
January 19, 2018
A vulnerability has emerged that allows hackers to automatically download malware to a victim’s computer directly from a Google Drive URL. Proofpoint uncovered the vulnerability and created a proof-of-concept exploit for the issue, which exists in the Google Apps Script. The development platform is based on JavaScript and allows the creation of both standalone web […]
Believe It: Cyber security is Getting Better, Not Worse
January 18, 2018
2017 has been a tough year from a cybersecurity stand point. We’ve seen some of the biggest hacks and data breaches ever, as well as one of the most devastating ransomware/malware outbreaks on record. Despite all of this – I’m going to make a statement that will shock many in the industry – cybersecurity is […]
What Does Data Loss Mean for Your Business?
January 17, 2018
In May 2018, the General Data Protection Regulation (GDPR) comes into force. GDPR toughens rules around obtaining consent to process data; it forces companies to tell consumers whenever a serious breach occurs; it sets much more stringent standards for data protection; and it means that companies can be forced to stop collecting or processing data, […]
Meltdown Patch Broke Some Ubuntu Systems
January 16, 2018
Canonical was forced to release a second round of Ubuntu updates that address the recently disclosed CPU vulnerabilities after some users complained that their systems no longer booted after installing the initial patches. On January 9, Canonical released Ubuntu updates designed to mitigate Spectre and Meltdown, two recently disclosed attack methods that work against processors […]
AMD Working on Microcode Updates to Mitigate Spectre Attack
January 15, 2018
AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs. Shortly after researchers revealed the Spectre and Meltdown attack methods, which allow malicious actors to bypass memory isolation mechanisms and access […]
Bogus Passwords Can Unlock AppStore Preferences in macOS
January 14, 2018
A security vulnerability impacting macOS High Sierra allows admins to unlock the AppStore Preferences in System Preferences by providing any password. The issue was found to affect macOS 10.13.2, the latest iteration of the platform, and can be reproduced only if the user is logged in as administrator. For non-admin accounts, the correct credentials are […]