IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Logitech Leaves Keystroke Injection Flaw Unaddressed for Months.

    Three months ago, security researcher Travis Ormandy from Google Project Zero detailed a significant flaw of which Logitech has finally released a patch. In his September 18th meeting the engineers at Logitech gave the impression that they understood the problem and had a fix in mind and were ready to roll out a patch immediately.

Holiday Gift from Microsoft Introducing Windows Sandbox!

If you every attended any of my security talks i talk about the risks of surfacing the web or installing software you not sure of... Well Microsoft gave us a gift this week on the windows 10 Beta Build 18305 they have introduced an great new feature Windows Sandbox !

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.

Vulnerability chain exploits MacOS

Dropbox recently revealed three critical security vulnerabilities in MacOS that would allow execution of arbitrary programs on a target machine triggered just by visiting a webpage. The vulnerabilities were found by the cybersecurity firm Syndis, who were hired for red team exercises on Dropbox’s infrastructure. The three vulnerabilities by themselves were of minimal actual security impact on their own but when chained together could be used to compromise a target machine by simply getting them to visit a webpage.

RID Hijacking

Relative Identifier (RID) Hijacking has recently gained public attention as a simple, novel, and effective technique to maintain persistence on a Windows system after initial compromise. As information security awareness continues to rise in many organizations their overall security posture also increases, especially in larger organizations that can afford it. As a result, many attackers are forced to leverage stealth techniques when targeting these types of companies to bypass security mechanisms.

Pages

Subscribe to RSS - Jay Ferron's blog