Category Archives: Cybersecurity
Critical Cisco SMB Switch Vulnerability
This critical Cisco vulnerability affects the following products: Cisco Small Business 200 Series Smart Switches, 250 Series Smart Switches, 300 Series Managed Switches, 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, 500 Series Stackable Managed Switches and 550X Series Stackable Managed Switches.
The vulnerability (CVE-2018-15439) has a critical base severity rating of 9.8 because the default configuration on these devices includes a default, privileged user account that is used for first-time login and cannot be removed from the switch. An administrator can disable the account by configuring another admin account with its access privilege set to level 15. If any of the previously created admin accounts are removed, the switch re-enables the default privileged admin account without any notification.
“Under these circumstances, an attacker can use this account to log in to an affected device and execute commands with full admin rights,” Cisco explained in its advisory…
773M Credentials Found on the Dark Web
A database called Collection #1, containing 773 million breached email addresses, has been found on an underground hacking forum. To date, this is the largest collection of compromised accounts.
The database totals 87GB of data. It was seen being hosted on the MEGA cloud service but was removed immediately after it was discovered. The data was split into 12,000 separate text files under a folder called “Collection #1”. Even after the database was removed from MEGA, it immediately turned up again on the dark web.
Check Your Email Addresses and Passwords in HIBP
Please do yourself a favor and go to https://haveibeenpwned.com/. This website lets you search a database hosted by HIBP that contains all the email addresses and unique passwords that have ever been leaked onto the dark web.
Fortnite Hacked Via Insecure Single Sign-On
It looks like there was a single sign-on vulnerability in Fortnite that could have let hackers break into millions of accounts and steal their virtual assets. On Wednesday, researchers at Check Point found the vulnerability, which is tied to the way single sign-on (SSO) works between PlayStation Network, Xbox Live, Nintendo, Facebook and Google and the Epic Games server. An attacker could create a malicious link using a legitimate Epic Games sub-domain to trigger the attack. I’m sure they will be on top of PR and protecting the brand. Every game is just a game and can be replaced. Best of luck, Fortnite.…
Bluehost and other web hosting company sites found to be full of flaws
Independent researcher and bug-hunter Paulos Yibelo has identified four vulnerabilities in the web-hosting platform Bluehost, which was found to contain multiple account takeover and information leak vulnerabilities. One of these is a “High” severity information leak through CORS misconfigurations that could allow attackers to steal personally identifiable information, partial payment details and tokens that can give access to hosted WordPress, Mojo, SiteLock and other services.
The site is also vulnerable to account takeover because of improper JSON request validation (CSRF), to man-in-the-middle attacks due to improper validation of the CORS scheme, and to cross-site scripting on my.bluehost.com, according to Yibelo’s recent blog post.
Yibelo tested four other web hosting companies and also found cross-site scripting and information disclosure vulnerabilities in Dreamhost, information disclosure among other vulnerabilities in Hostgator and OVH, and account takeover and other vulnerabilities in iPage.…
Hacker Group TA505 Ramping Up Their Trickery
Hacker group TA505 are cyber criminals through and through; they are the bunch that brought you the Locky ransomware. TA505 has decided to go after more US companies, so get ready for more phishing attacks.
These phishing attacks will be tailored specifically to their targets, so watch out for tricky emails containing attachments such as Word documents, Excel spreadsheets and PDFs.
- Don’t open an attachment unless you know who it is from & are expecting it.
- Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments.
- Read More Email Security Tips
These attachments carry RAT payloads: a macro deploys the AMMYY remote software to the computer without the end user knowing, which then allows the attackers to remotely access the computer and install cryptocurrency miners. These miners are less noticeable to the user because they use …
Lean Six Sigma Implementation in IT Operations
Lean Six Sigma has been around for quite some time and is now being used in IT Operations more often to deliver ITSM success. Implementing Lean Six Sigma in daily IT Operations has proved fruitful for companies because of the strength of Six Sigma, which lies in its data-driven approach. It has helped minimize project duration, and the Lean Six Sigma framework can be used by IT professionals to tackle the challenges and find the solutions of tomorrow.
Lean Six Sigma is a defect-reduction methodology that can transform organizations to focus on the quality of the customer experience. It aims to measure and improve both internal processes, such as network speed and reliability, and line-of-business processes in which IT has a role.
In this challenging world, IT and the management of information must be handled with care and …
Adobe Pushed Emergency Patches For Two Critical Flaws
Adobe has pushed out security updates for two critical vulnerabilities. Adobe Acrobat and Reader for Windows and Mac are affected.
The flaw reported by Apelt is identified as CVE-2018-16011 and is a bug that can lead to arbitrary code execution. An attacker can exploit the flaw by tricking an end user into clicking a PDF file, which would execute a script with the privileges of the currently logged-in user.
The other vulnerability, discovered by Hariri and identified as CVE-2018-19725, is a security bypass flaw that could result in privilege escalation.
Contact your IT leaders and make sure your software is updated. Some of you may already have the software set to auto-update, or you can update the software yourself by opening Adobe Acrobat or Reader and clicking Help, then Check for Updates.
Best Practice Checklist For Business Continuity
No one can predict the future; however, you can be ready with a sound business continuity plan. The business continuity checklist is the first step in the BCP process. The checklist is not an exhaustive list; it is a simple tool that can be used to ensure that the basic BCP process has been initiated and that Division management has considered what needs to be done to keep essential functions operating if an adverse event occurs. The checklist is somewhat “information centric”, as organisations’ reliance on information is increasing and its successful management provides competitive advantage.
Program Initiation and Management (Pre-Planning)
- Establish the need for Business Continuity Program
- Scope of legal and regulatory authority
- BCP Sponsor (Senior Management)
- Business Continuity Steering Committee (5-8 people)
- BCP protects core assets
Risk Evaluation and Control (Pre-Planning)
- Prioritize planning and resource allocation
- Identify and mitigate exposures
- Identify the threats, risks and vulnerabilities
- Gather information
NASA Data Breach Exposing Employee Records
In October, hackers successfully broke into an HR database and obtained the information stored within it. The amount of information extracted is potentially significant, compromising records of previous and current employees from July 2006 to October 2018. An internal memo was sent Tuesday to NASA employees and published at spaceref.com.
NASA did mention that it will assist employees with the help of identity protection services. “The agency is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure the latest security practices are followed throughout the agency,” a NASA spokesperson told Gizmodo.…
Memes in Twitter can be used to inject Malware
This new malware uses Twitter to deploy Remote Access Trojans (RATs) from an image. The malware can infect vulnerable computers, collect information, take screenshots and jump to other computers to infect them as well.
Trend Micro said in their blog post that the malware listens for commands within the hackers’ Twitter account. The researchers found two tweets that were used to hide a “/print” command in an image, which told the malware to take a screenshot of the infected computer. The malware then separately obtains the address of its command and control server from a Pastebin post, which tells the malware where to send the screenshots.