Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted publicly. Most of the watches use SETracker as a backend, an app owned by the…
Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. According to CISA, a remote attacker could exploit some of these vulnerabilities to take control…
A CyCognito research team conducting routine reconnaissance on a customer’s network found a cross-site scripting zero day (XSS) vulnerability on the web admin interface of two different small business Cisco routers. The finding was released in a blog that went live earlier today. Alex Zaslavsky, CyCognito’s head of security research, said they reported the flaw…
A hacker that uploaded ransom notes on nearly 23,000 MongoDB databases left exposed online without passwords has given his potential victims until tomorrow to pay a $140 ransom, or possibly report the breach to local GDPR authorities. According to recent ZDNet story, the hacker used an automated script to scan for misconfigured MongoDB databases, effectively…
Glupteba malware does something novel: It uses the bitcoin blockchain as a communications channel to receive updated configuration information. That’s important because malware always needs a way to go back to its home base, preferably without being detected, according to a paper released this week by Sophos Labs researchers. The new form of malware sprinkles…
Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms, their effectiveness becomes limited otherwise. They also want to detect blind spots…
The cyber insurance market continues to evolve and mature with coverage enhancements, along with an abundance of carriers. With so many carriers entering the market, it’s more important than ever for companies to take their time and read the fine print. In their session Tuesday at InfoSec World 2020, “Cracking the Cyber Liability Code,” two…
It happens to the best of them. The long meetings talking about the same old issues. No support from top management. A sense of doom and despair prevails and before the year’s over, you can’t take it anymore. You want out. Everything you’ve experienced confirms the old joke: CISO stands for Career Is Surely Over.…
InfoSec World 2020 — Small suppliers and SMBs shouldn’t think they are immune to hacks. In fact, some of the most prolific hacks started with attacks on third-party suppliers, such as HVAC companies and small defense manufacturers. The Target hack quickly comes to mind. In the InfoSec World 2020 session, You’ve Been Pwned…But Your Customers…
Researchers at Awake Security have made news over the past 24 hours exposing a scheme in which some 79 malicious Google extensions were found on the Chrome Web Store as recently as the first week of May. While much of the news focused on the malicious Chrome extensions, security pros were scratching their heads over…
