IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Oracle Critical Patch Update contains 334 new security patches across the product families

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:

25000 Citrix security issue

    With an estimated 25,000 hosts still vulnerable and proof-of-concept (PoC) exploit code now being released, things went from bad to worse for those affected by the vulnerability CVE-2019-19881. In December, Mikhail Klyuchnikov, a researcher at Positive Technologies, disclosed a vulnerability that would allow for direct access to a company’s network from the Internet. He stated that this vulnerability affects all versions of Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway).

Peekaboo Moments failed to secure an Elasticsearch database

    A popular app allowing parents to track their baby’s special moments by storing videos, pictures, height, weight, location, and other milestones in a child’s development has leaked thousands of those special moments online. Peekaboo Moments, developed by Bithouse Inc., failed to secure an Elasticsearch database holding over 70 million log files containing Peekaboo Moments users’ data, including links to videos, photos, and geo-location coordinates.

New Ransomware Infection SNAKE

    In the first three quarters of 2019, the world saw nearly 152 million ransomware attacks affecting every sector from government to education to healthcare. As the threat continues to grow, it costs businesses over $75 million per year. One cybersecurity group estimated that a new ransomware infection happened every 14 seconds in 2019, and they expect that to accelerate to an infection every 11 seconds by 2021.

Ring Issues? Did you secure your Ring properly?

    In the world of IoT home cameras, Ring cameras by Amazon are the most popular. There can be many benefits of using the cameras for monitoring or as a security device, but it’s been a bad few weeks for the Ring camera. We now have reports of a hacker taunting a child in Mississippi; in another report, someone hurled racist insults at a Florida family. A Tennessee family reported that a man hacked their camera to talk to an 8-year-old girl in her bedroom.

Android Malware impacts all Android devices including the most recent versions and updates

    Malicious apps are bad enough, but what if you have one on your phone that looks just like an app you use every day? As it turns out, researchers from the Norwegian application security firm Promon discovered an Android vulnerability that does just that.

    Dubbed StrandHogg, it impacts all Android devices including the most recent versions and updates. It also reportedly "puts the top 500 most popular apps at risk" without even needing root access. If you have an Android in your pocket, you are at risk.

VPN Hijacking Attack

A virtual private network (VPN) is supposed to keep the user's traffic over a network safe from outside onlookers. It acts as a protected path for communication over a public network to gain access to the resources and capabilities of the private network without a physical connection. Researchers at the University of New Mexico have discovered a vulnerability in most Linux distros that allows an attacker to discover if the victim is using a VPN and even to hijack active connections within the VPN.
