IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Android Malware impacts all Android devices including the most recent versions and updates

    Malicious apps are bad enough, but what if you have one on your phone that looks just like an app you use everyday? As it turns out, researchers from the Norwegian application security firm Promon discovered an Android vulnerability that does just that. 

    Dubbed StrandHogg, it impacts all Android devices including the most recent versions and updates. It also reportedly "puts the top 500 most popular apps at risk" without even needing root access. If you have an Android in your pocket, you are at risk.

VPN Hijacking Attack

A virtual private network (VPN) is supposed to keep the user's traffic over a network safe from outside onlookers. They act as a protected path for communication over a public network to gain access to the resources and capabilities of the private network without a physical connection. Researchers at University of New Mexico have discovered a vulnerability in most  Linux distros that allow an attacker to discover if the victim is using a VPN and to even hijack active connections within the VPN.

Get or Buy a New Smart TV Warning

    Smart TVs have become extremely common in the last few years; it is even difficult to buy a new TV without smart functionality. Having Netflix streaming built into your TV can be convenient, but connecting your TV to the internet might not be the best idea. The FBI issued a warning this week regarding smart TVs and the risks associated with including your TV in the often poorly secured Internet of Things pool.

(In)Security Management Engine

   The out of band management system bundled on almost all Intel processors has become a hot target for attackers in recent years. This is because it runs alongside the main processor and has virtually unrestricted access to all the hardware in the machine. As long as the machine has power the management engine is sitting there silently waiting for commands from a system administrator with access to it.

Vulnerability in Amazon’s Ring Video Doorbell

    Researchers at Bitdefender have found a vulnerability in Amazon’s Ring Video Doorbell which allows an attacker with proximity to the device to intercept the Wi-Fi credentials of the network it operates on, which could lead to further attacks to devices on the network. The Ring Doorbell is an IoT device that allows a person to remotely view and communicate to people on their property. The exploit revolves around the setup procedure and the lack of security in place during that setup.

Amazon Alexa and Google Home are listening

    Amazon Alexa and Google Home are listening. It’s likely you are aware of the security and privacy concerns as well as their mitigations. It’s the price we pay for the technology we want. Unfortunately, there is another attack vector recently exposed by researchers at Germany's Security Research Labs (SRL). The most interesting part of this research is that it is an absolute “confirmed proofof-concept”.

Adobe Data Leak

    Multinational software company Adobe has suffered a data leak that exposed the account information of an estimated 7.5 million customers, according to security researcher Bob Diachenko. Those affected were subscribers to Adobe’s Creative Cloud service which provides users with access to its line of software applications which includes Photoshop, Illustrator, and After Effects, among others. This leak is the result of an unsecured and poorly implemented Elasticsearch database.

Pages

Subscribe to RSS - Jay Ferron's blog