Doug Olenick SC Media

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

Get ahead of the cybersecurity curve

Experienced cybersecurity leaders are beginning to call for a move from reactive detection to proactive prevention. It’s clear that the need to get ahead of the cybersecurity curve is real. Over the past decade, experts talked about the number of days that malware is in your system, and now the discussion is fast becoming how…

Equifax class action suit settled

A Georgia court gave final approval for Equifax’s $380.5 settlement in response to a class action suit brought for the September 2017 data breach that exposed the PII of 148 million customers. Judge Thomas W. Thrash of the Northern District of Georgia ordered Equifax to place the money in a fund from which victims can…

Aussie P&N bank suffers data breach

The Australian P&N Bank reported a data breach that exposed detailed and sensitive financial information on an unspecified number of customers. Access was gained on December 12 to the bank’s customer relationship management system, which is operated by a third-party hosting firm, was undergoing an upgrade. Details on how it was accessed were not revealed,…

PlanetDrugsDirect breached, PHI and payment info exposed.

The Canadian online pharmacy PlanetDrugsDirect is notifying customers of a data breach that exposed both payment and personal health insurance. In an email obtained by Bleeping Computer the bargain online retailer said exposed data could include name, address, email, phone number, medical information (including prescription) along with payment card data. The company does not believe…

Army cyber troops

Army (websites) defeated, but for the greater good

Normally the U.S. Army would not tout the success of an attacker, but in the case of Hack the Army 2.0 bug bounty program the service proudly announced 146 vulnerabilities were found. The platoon-sized unit of white hat hackers, 52 individuals, found the valid vulnerabilities while investigating 60 publicly accessible Army websites, including army.mil, .goarmy.mil,…

VMware advisory warns users to patch critical issue in product

VMWare updates Tools fixing race condition

VMWare issued a single security advisory and patch for a vulnerability in its Tools product. The flaw, CVE-2020-3941, affects VMware Tools for Windows version 10.x.y and can be mitigated by updating to version 11.0. The vulnerability, rated as important, is a race condition that can be exploited enabling an unauthorized person from escalating their privileges…

Intel patches six security issues

Intel’s January 2020 security update included six items with one rated high, four medium and one as a low priority. The most important vulnerability is CVE-2019-14613 affecting Intel’s VTune Amplifier for Windows and if left unpatched and exploited can allow escalation of privilege. An update fixing the problem has been posted. The medium CVE-2019-14615 affects…

Adobe rolls out a light Patch Tuesday offering

Adobe’s January Patch Tuesday security update contains five critical patches for Illustrator CC and four non-critical vulnerabilities for Adobe Experience Manager. Two versions of Illustrator CC are covered in this release, 24.0 and 24.0.2 24.0, being impacted by the critical-rated CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714.  All are memory code issues and can lead to…

National Security Agency

NSA reveals to Microsoft critical Windows 10 flaw

Microsoft reportedly acted on an NSA warning creating and issuing a secret out-of-band patch to the military and other high-value targets fixing CVE-2020-0601, a vulnerability affecting a core cryptographic component present in all versions of Windows. Published reports stated that the NSA informed Microsoft of the vulnerability and this knowledge enabled Microsoft to quickly fix…

Next post in Vulnerabilities