Will You Avoid This Major Security Threat?

Two Major Vulnerabilities Could Expose You Security vulnerability CVE-2018-8225 and CVE-2018-8267 are both publicly disclosed exploits that have garnered high CVSS scores. These weaknesses were reported to Microsoft through Trend Micro’s Zero Day Initiative (ZDI). CVE-2018-8225 is a vulnerability that impacts the Windows DNS component DNSAPI.dll. An attacker can leverage this flaw to execute arbitrary…

Third-Party Patch Update: June 2018

Third Party Software Updates: June 2018 Roku TV & Sonos IoT devices, which are widely used in businesses that handle sensitive consumer data, such as credit card number and health records, are vulnerable to DNS hacking. These two IoT devices are frequently installed within fast casual dining, medical and dentist businesses. These devices can be…

Ransomware in 2018 Has New Leverage

Ransomware’s Unexpected Ally: GDPR While the intentions of GDPR are positive, analysts are predicting an unintended side effect. Actors using ransomware to extort companies could use GDPR as leverage. With the strict requirements to stay within GDPR compliance, actors can put pressure on victims to pay out as quickly as possible. In addition, because GDPR…

Cortana Exploited to Hack Windows 10 PCs

Cortana Stealing Windows 10 Passwords & Photos Cortana, Microsoft’s AI-based smart assistant, could help attackers unlock your system password. As one of their flagship features, Cortana comes built into every version of Windows 10. Publicly known as CVE-2018-8140, this vulnerability has been given a severity rating of Important by Microsoft. Normally something this invasive would be…

Critical Flaws in Global Security Cameras

Global Security Infrastructure Exposed Axis Communications, the global market leader for IP enabled security cameras, has confirmed there are seven major vulnerabilities in 400 of its security camera models. Axis’ cameras are frequently used as part of critical security infrastructure in places like the Sydney Airport, Moscow Metro and the City of Houston. Exploitation of…

June Patch Tuesday: Summer Storm

Microsoft Releases 50 Updates For June Patch Tuesday, Microsoft has released a massive 50-update rollup that affects every version of Windows still in support. Included are fixes for the Windows OS, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, Microsoft Office and Microsoft Office Services, and Web Apps. If you are using Windows 10, this…

Flash Alert: Zero-Day Update

Adobe Issues Patch for Flash Player Zero-Day Exploit Adobe has released a critical update for Flash. This zero-day vulnerability is, on a limited basis, being exploited in the wild. According to the Adobe Security Bulletin, “These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.” It seems the end of Flash is going…

100 Million IoT Devices Exposed

Z-Wave IoT Devices Exposed Z-Wave, a protocol primarily used for home automation, is vulnerable to security downgrade attacks. According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart products. It is estimated that over 100 Million IoT devices are affected. It…

Microsoft Zero-Day for JScript

Remote Code Execution Vulnerability Disclosed Researchers at Telspace Systems have advised they have found a Zero Day exploit, but no fix is yet available. The release date has been estimated to be in the July 2018 Patch Tuesday, however we will let you know when a fix is announced. The issue lies in Microsoft’s ECMAScript…

FBI Warns Again of New Hidden Cobra Strike

Hidden Cobra Strikes Again US-CERT and the FBI have issued a new alert on cyber-attacks it blames on North Korea.  The warning is about the hacking operations dubbed “HIDDEN COBRA” that the United States charges were launched by Pyongyang. The alert did not identify specific victims, though it cited a February 2016 report from several…