Doug Olenick SC Media | Page 2 of 240

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

Samba issues patches for three vulnerabilities

Samba released security updates patching three issues CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344. The medium-rated CVE-2019-14902 fixes a problem where a newly delegated right, but more importantly the removal of a previously delegated right, would not be inherited on any domain controller other than the one where the change was made. This means if a user had…

Malware redirecting visitors found on 2,000 WordPress sites

More than 2,000 WordPress sites have been infected with malicious JavaScript that redirects visitors to scam websites and sets the stage for additional malware to be downloaded at a later time. The Sucuri team said access is gained to WordPress sites through plugin vulnerabilities, including Simple Fields and CP Contact Form with PayPal. A large…

FireEye adds Cloudvisory to its stable

FireEye has acquired the cloud-security startup firm Cloudvisory. FireEye said the deal places a capstone on its collection of cloud security offerings enabling it to offer customers a one-stop-shopping environment for their cloud security needs. “Cloudvisory gives our customers the ability to actively auto-discover cloud assets to map their policies and relationships in Amazon AWS,…

Mushtik botnet now shopping for Tomato routers

A new variant of the Mushtik botnet has been found attacking routers using the open-source Tomato router firmware with about 4.600 routers currently exposed on the internet. Musthtik has been operating since March 2018 using a worm-like propagating ability to infect and harvest Linux servers and IoT devices. The good news is the new variant…

CyberRisk Alliance appoints David Longobardi Chief Content Officer

New York, NY, January 21, 2020 — CyberRisk Alliance (“CRA”), a business intelligence company serving the cybersecurity and information risk management marketplace, today announced the appointment of David Longobardi as Chief Content Officer. In this new role, David will design and execute the company’s content strategy and manage content operations across all platforms. David’s mission…

Amex

American Express, PayPal customers now targeted by 16Shop

The Indonesian cybercrime gang Cyber Army has expanded its phishing-as-a-service offering, dubbed 16Shop, enabling users to target PayPal and American Express customers. This criminal operation was first picked up by McAfee in November 2018 and has primarily targeted Apple owners and Amazon customers for its phishing attacks, but now ZeroFOS’s Alpha Team has proof 16hop…

Application isolation and virtualization provide a false sense of cybersecurity

A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity. The vulnerability, CVE-2019-14378, has a severity of 8.8, and was first published in the National Vulnerability Database on July 29th, 2019. The vulnerability affects QEMU, the popular open source machine emulator and virtualizer. Short for…

Get ahead of the cybersecurity curve

Experienced cybersecurity leaders are beginning to call for a move from reactive detection to proactive prevention. It’s clear that the need to get ahead of the cybersecurity curve is real. Over the past decade, experts talked about the number of days that malware is in your system, and now the discussion is fast becoming how…

Equifax class action suit settled

A Georgia court gave final approval for Equifax’s $380.5 settlement in response to a class action suit brought for the September 2017 data breach that exposed the PII of 148 million customers. Judge Thomas W. Thrash of the Northern District of Georgia ordered Equifax to place the money in a fund from which victims can…

Next post in Legal