FBI Warning: Reset Your Routers

FBI, DHS, and UK Authorities issue warning over VPNFilter The FBI, DHS and UK authorities have issued a warning for the VPNFilter malware threat. According to Alert TA18-145A, there are concerns that actors will use VPNFilter to target routers and “collect intelligence, exploit local area network (LAN) devices, and block actor-configurable network traffic.” Cisco researchers…

The Rapid Rise of the IoT

The IoT is Here to Stay: Risks Included Research from Metova has revealed the current scale of smart product adoption in the United States.  According to Metova, 90 percent of U.S users now own some form of smart device. This shows the IoT has truly reached mass adoption across the country. This also presents inherent…

Red Hat Vulnerabilities Exposed

Red Hat Linux DHCP Client Vulnerability Red Hat has been made aware of a couple of flaws in the way the Linux kernel handles exceptions triggered after the POP SS and MOV to SS instructions, these are identified as CVE-2018-8897 & CVE-2018-1087. These issues could lead to a denial of service (DoS) for unpatched systems.…

Microsoft Fixes Two Zero-Day Exploits

Two Zero-Day Exploits Resolved Microsoft has released two zero-days that have actively been exploited in the wild by cybercriminals. Microsoft has credited Qihoo 360 and Kaspersky Lab for reporting this vulnerability. Both companies say the flaw has been exploited in targeted attacks, but no information is currently available. Double Kill IE 0-day Vulnerability (CVE-2018-8174) under…

May Patch Tuesday: Major Windows 10 Updates

Logitech IoT Harmony Hub Fixes Several Security Flaws Harmony Hub-based products, which include Harmony Elite, Home Hub, Ultimate Hub, Home Control, Pro, Smart Control, Smart Keyboard, Ultimate Home, and Harmony Hub are potentially vulnerable to four types of vulnerabilities that can be combined to gain root access to a device via SSH. Harmony Hub is…

Windows Containers Opened: Microsoft Issues Emergency Patch

Microsoft Releases Critical Update In something of an unusual move, Microsoft has released a critical update before Patch Tuesday. This patch addresses a vulnerability within the Windows Host Compute Service Shim (hcsshim) library. Thanks to work by Swiss security researcher Michael Hanselmann, the flaw was identified and an update has been released. According to the…

Oracle Doesn’t Predict WebLogic Flaw

Oracle WebLogic Flaw Opens Door to Hackers In early April, Oracle released updates for a vulnerability within WebLogic Server. At the time, it seemed like that was that, but now a tech researcher claiming to be part of Alibaba’s security team has found a work around. There are also indications that hackers are seeking to…

Spectre Still Haunts Microsoft and Intel

Living in the Shadow of Spectre After fumbling their first attempt at patching the Spectre vulnerability, Microsoft has released Security Update 4078407. According to their security advisory, “applying this update will enable the Spectre Variant 2 mitigation CVE-2017-5715 – “Branch target injection vulnerability.” Microsoft has released several stages of updates in an attempt to deal…

Third-Party Patch Update: April 2018

Cisco Patches Vulnerability in WebEx Cisco has just released a CVSS 9 rated update for its WebEx software. In their own words, the unpatched vulnerability “could allow an authenticated, remote attacker to execute arbitrary code on a targeted system.” The malicious party would share a Flash file via WebEx’s sharing capabilities to gain control of…

Ocean’s IoT: Casino Hacked Through Fish Tank

Casino Infiltrated through Internet-Connected Fish Tank Thermometer Picture this: Jazzy music underscores George Clooney’s Danny Ocean pulling off another daring heist. He’s gathered his crew and it’s go time. Their entry point? A fish tank in the lobby. Okay, maybe that’s not the best physical access point, but it is how hackers stole data from…