IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

SmaLock Vulnerabilities

    Smart locks have been increasing in popularity for the last few years. They provide a number of conveniences that make them an enticing option for people looking to replace their current locks. Things like automatically unlocking as you approach with your hands full or allowing a friend to unlock the door only when you’re on vacation sound great at first. But the risks of poorly secured and designed smart locks may outweigh those conveniences.

Sometimes free is the juicy apple with a parasite waiting to land.

    When something is free, chances are pretty high that "the user" is the product. Services that are free usually generate value for the creator or provider by sharing exposure with advertisers or perhaps using the data collected from the "free" product for other means such as market studies or product testing before a final product. But sometimes free is the juicy apple with a parasite waiting to land its hook inside the consumer's gut.

DHS Email Phishing Scam

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.

SensorID, the calibration fingerprinting attack

    Over the years, app security has improved enough that developers must request permissions to areas of your smartphone that their applications need to access. Now we have some control over which apps have access to things such as your camera or extended storage. But did you know that there are still parts of your phone that require no permissions whatsoever? The average smartphone can have over a dozen sensors in it from accelerometers and gyroscopes to proximity sensors and GPS.

Docker Vulnerability

    Docker is a well known application that uses operating-system-level virtualization to develop and deliver software in packages called containers. Senior software engineer Aleksa Sarai discovered a flaw that affects all versions of Docker, that could allow an attacker to gain read and write access to any file on the host system. Recently, a proof-of-concept code has been released demonstrating how an attacker could use this vulnerability.

Pages

Subscribe to RSS - Jay Ferron's blog