Doug Olenick SC Media | Page 2 of 254

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

Mirai variant Mukashi searching out Zixel NAS devices

The new Mirai variant Mukashi is targeting Zyxel network attached storage (NAS) devices using brute force attacks based on the default admin credentials and then exploiting CVE-2020-9054. Palo Alto Networks Unit 42 said almost all Zyxel NAS products running firmware versions up to 5.21 are susceptible. CVE-2020-9054 is a pre-authentication command injection vulnerability, which may…

Coronavirus news being used to sneak malware past AV programs

In an effort to make malware appear legitimate and help it sneak past security software, groups using two well-known trojans are inserting news text from Coronavirus stories into their file descriptions. Padding malware with fake news is not new but Bleeping Computer has found Trickbot and Emotet now being used in conjunction with stories associated…

Drupal, Google and Cisco post security advisories

Batches of security advisories were rolled out by Drupal, Google and Cisco yesterday addressing a host of critical-rated issues for their products. Drupal addressed a critical vulnerability affecting Drupal 8.7 and 8.8. The issue is a Cross Site Scripting vulnerability in third-party libraries. An attacker that can create or edit content may be able to…

Five tips for managing remote workers during a pandemic

Is your organization ready to securely support a wide range of remote workers in the wake of a global pandemic? With cases of coronavirus mounting in countries around the globe and the Centers for Disease Control (CDC) warning citizens to be prepared for the likelihood the illness will spread across other regions of the world,…

Rogers’ vendor leaves database open

A third-party service provider to Rogers Communications left open a database used for marketing purposes, exposing customer PII. The Canadian telecom provider did not name the firm involved, nor the number of people affected, but reported that the incident was uncovered on Feb. 26, 2020 and involved the service provider leaving a database open to…

Next post in Privacy & Compliance News and Analysis