Larry Jaffee SC Media | Page 5 of 18

Larry Jaffee

Most recent articles by Larry Jaffee

Fake Cisco switches provoked network failures

Counterfeit Cisco devices were behind the failure of an IT company’s network switches last fall after a software upgrade, an investigation has found. Underscoring the security challenges posed by counterfeit hardware, the real-life anecdote prompted the victimized purchaser to commission F-Secure’s hardware security team to perform a thorough analysis of the components. The company discovered that…

Critical SAP flaw puts 40,000 users at risk

More than 40,000 SAP users of an estimated 2,500 internet-facing systems should move quickly to patch a Remotely Exploitable Code On NetWeaver (RECON) vulnerability that scored a 10 out of 10 on the bug-severity CVSS scale and which could give an attacker full enterprise control. Noting that “this is the second major Java-based 0-day in…

DMARC embraced by government, private industry lags

Even though the adoption of DMARC has grown over the past year, only 21 percent of Fortune 500 companies are protected from being spoofed, with only 13.9 percent of all domains enforcing the standard. Industry sectors lag substantially behind U.S. government entities, where three-fourths of U.S. federal domains are safeguarded by DMARC enforcement, according to…

Trump approved 2018 retaliatory cyberattack on Russia’s IRA

Despite past assertions that he believed Russian President Vladimir Putin over his own intelligence community that Russia does not tamper with the U.S. electoral process, President Donald Trump last week admitted in an interview with a Washington Post columnist that he approved a 2018 retaliation to take out Russia’s Internet Research Agency (IRA) for precisely…

USB a prevalent industrial vector vulnerability for OT systems

While the ubiquitous USB remains an integral tool to facilitate transferable computing, such removable media is the second most prevalent industrial vector vulnerability for operational technology (OT) systems, according to a Honeywell report. The company first studied the market in 2018, and since then the number of threats capable of disrupting OT rose from 26…

Credit card skimmer preyed on old ASP.NET-powered websites with shopping carts

A credit card-skimming scheme tracked since April and targeting at least a dozen websites – all hosted on Microsoft IIS servers running the ASP.NET web application framework – counts among its victims sports organizations, health and community associations, and a credit union. What they also have in common is that malicious code was injected…

Cyber Command urges orgs to implement F5 patch for BIG-IP configuration interface flaw

A vulnerability found last month in the configuration interface of the BIG-IP delivery controller, used by some of the world’s biggest companies, governments, military, internet service providers, cloud-computing data centers and enterprise networks, was quickly fixed by its developer F5. U.S. Cyber Command retweeted last Friday F5’s advisory to immediately patch the flaw that could…

Mounting IIoT cyber risks must be addressed now to prevent catastrophe: report

Critical infrastructure across sectors globally is in a particularly vulnerable state due to the continued heightened pace of cyberattacks on the Industrial Internet of Things (IIoT), according to a report from Lloyd’s Register Foundation, the U.K.-based global safety charity. Lloyd’s suggests a series of measures to meet the increasing IIoT risks to energy, transport, built…
