MS Office DDE Exploit/BadRabbit Ransomware
Over the past few weeks there have been reports of attackers exploiting a built-in Microsoft Office feature and leveraging it in several large malware campaigns. The feature being exploited is called ...
Posts for category: Best Practices Weekly Summaries
KRACK/Lessen the chances of shoulder surfing
Earlier this week, a critical vulnerability in WPA2 was exposed to the public. Security researchers found that WPA2 can be abused to eavesdrop on traffic users believe to be encrypted. The attack, ...
OnePlus Data Collection Practice/Apple ID Phishing
Earlier this week, security researcher Christopher Moore published a blog post detailing the questionable data collection practice of OnePlus. OnePlus is a smartphone manufacturer based in Shenzhen, ...
EFI Firmware Vulnerabilities Present in Millions of Up-to-Date Macs
Researchers at Duo found that Mac users who have kept up with security updates may be much more vulnerable than they expect. During their research, Duo analyzed over 73,000 Macs and discovered that ...
Disaster Recovery Best Practices
TeraGo released a white paper detailing disaster recovery best practices. They performed a survey in partnership with IDC Canada of different Canadian organizations’ disaster recovery plans and ...
Thousands of ElasticSearch Servers Compromised
Researchers at the Kromtech Security Center have found around 15,000 unsecure Elasticsearch servers with more than 4,000 of those hosting point-of-sale (POS) malware. Among these 4,000 servers, 99% ...
Equifax Suffers Monumental Data Breach
Equifax, one of the three largest credit agencies in America, has suffered one of the largest data breaches in history, exposing around 143 million people’s personal information. Ironically enough, ...
FDA Recalls 465K Pacemakers/ATM Skimming on the Rise
Overview The Federal Drug Administration (FDA) is recalling 465,000 pacemakers manufactured by Abbott Laboratories due to vulnerabilities that can allow attackers to gain unauthorized access. The ...
Last week, the Federal Communications Commission (FCC) released a public notice encouraging the implementation of the Communications Security, Reliability, and Interoperability Council (CSRIC) best ...
Critical Juniper Routers and Switches Vulnerability
What is it? Last week, Juniper warned its customers about a vulnerability (CVE-2016-3074) that can allow attackers to remotely execute code on machines running certain versions of the Junos OS. ...