Ransomware in 2018 Has New Leverage

Ransomware’s Unexpected Ally: GDPR While the intentions of GDPR are positive, analysts are predicting an unintended side effect. Actors using ransomware to extort companies could use GDPR as leverage. With the strict requirements to stay within GDPR compliance, actors can put pressure on victims to pay out as quickly as possible. In addition, because GDPR…

The Real Costs of WSUS

“Why should I pay for an IT management tool? I get WSUS free with Windows!” While WSUS might come with Windows, it is certainly not free. There are hidden expenses to consider. Looking at the number of hours wasted and additional software needed to fully manage your environments, WSUS comes out as more expensive than…

Cortana Exploited to Hack Windows 10 PCs

Cortana Stealing Windows 10 Passwords & Photos Cortana, Microsoft’s AI-based smart assistant, could help attackers unlock your system password. As one of their flagship features, Cortana comes built into every version of Windows 10. Publicly known as CVE-2018-8140, this vulnerability has been given a severity rating of Important by Microsoft. Normally something this invasive would be…

Critical Flaws in Global Security Cameras

Global Security Infrastructure Exposed Axis Communications, the global market leader for IP enabled security cameras, has confirmed there are seven major vulnerabilities in 400 of its security camera models. Axis’ cameras are frequently used as part of critical security infrastructure in places like the Sydney Airport, Moscow Metro and the City of Houston. Exploitation of…

June Patch Tuesday: Summer Storm

Microsoft Releases 50 Updates For June Patch Tuesday, Microsoft has released a massive 50-update rollup that affects every version of Windows still in support. Included are fixes for the Windows OS, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, Microsoft Office and Microsoft Office Services, and Web Apps. If you are using Windows 10, this…

Flash Alert: Zero-Day Update

Adobe Issues Patch for Flash Player Zero-Day Exploit Adobe has released a critical update for Flash. This zero-day vulnerability is, on a limited basis, being exploited in the wild. According to the Adobe Security Bulletin, “These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.” It seems the end of Flash is going…

100 Million IoT Devices Exposed

Z-Wave IoT Devices Exposed Z-Wave, a protocol primarily used for home automation, is vulnerable to security downgrade attacks. According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart products. It is estimated that over 100 Million IoT devices are affected. It…

Microsoft Zero-Day for JScript

Remote Code Execution Vulnerability Disclosed Researchers at Telspace Systems have advised they have found a Zero Day exploit, but no fix is yet available. The release date has been estimated to be in the July 2018 Patch Tuesday, however we will let you know when a fix is announced. The issue lies in Microsoft’s ECMAScript…

FBI Warns Again of New Hidden Cobra Strike

Hidden Cobra Strikes Again US-CERT and the FBI have issued a new alert on cyber-attacks it blames on North Korea.  The warning is about the hacking operations dubbed “HIDDEN COBRA” that the United States charges were launched by Pyongyang. The alert did not identify specific victims, though it cited a February 2016 report from several…

The Rapid Rise of the IoT

The IoT is Here to Stay: Risks Included Research from Metova has revealed the current scale of smart product adoption in the United States.  According to Metova, 90 percent of U.S users now own some form of smart device. This shows the IoT has truly reached mass adoption across the country. This also presents inherent…