CyberSecure Specialist

OpenSSL Releases Patches for Two High Severity Vulnerabilities

Patches have been released by most of the major Linux distributions. While the severity of one of the vulnerabilities was downgraded, both are still rated as high severity. Organizations should apply the OpenSSL patch via standard system package update systems such as apt, yum, rpm, dnf, and pacman.The Netherlands’ National Cyber Security Centre has created a useful resource for system administrators to determine if the operating systems or software they manage are vulnerable and if…

Read More

Malicious Android Apps With 1M+ Installs Found on Google Play

To keep adware away from devices, avoid installing apps from unofficial Android stores. Reading user reviews and monitoring battery usage and network data activity also helps determine if the device is running suspicious software. Keeping Google’s Play Protect feature active is also a good way to keep the device safer. Any Android devices that have one of the above apps present should remove that app and run a full system scan using Play Protect or…

Read More

United States Government Employees Exposed to Mobile Attacks from Outdated Mobile Operating Systems

With bring your own device (BYOD) policies becoming more and more common in the workplace, this report is a prime example of how an organization may be left vulnerable if these policies are not properly implemented. Organizations need to ensure that employees are properly updating devices in an efficient manner. Failure to keep devices current could lead to those devices becoming the vector for initial access within an environment. An attacker may use a compromised…

Read More

Dropbox suffers data breach following phishing attack

Cloud storage company Dropbox has suffered a data breach after its employees were targeted by a phishing attack. The attack, which took place on October 14, saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees and gain access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access Github.  Through the attack, the hacker…

Read More

Fortinet Patches 6 High-Severity Vulnerabilities

Fortinet on Tuesday informed customers about 16 vulnerabilities discovered in the company’s products, including six flaws that have been assigned a ‘high’ severity rating. One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password. The remaining…

Read More

TikShock: Don’t get caught out by these 5 TikTok scams

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six years it has become the dominant social media platform for sharing and viewing short videos and now boasts that viewers…

Read More

How to take control over your digital legacy

Do you have a plan for what will happen to your digital self when you pass away? Here’s how to put your digital affairs in order on Facebook, Google, Twitter and other major online services. There’s no easy way to put it: We’re all going to die. And once dead, why would we care about our social media presence? Sounds like the least important thing to consider at that point. But in fact, it isn’t.…

Read More

The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs

Do you find reports of spy cams found in vacation rentals unsettling? Try these tips for spotting hidden cameras and put your worries to rest. Thanks to technology advances, travel has become faster, cheaper and more streamlined for many of us. We can book flights via smartphone apps, check in online, easily overcome language barriers and avoid getting lost. Finding somewhere to stay has also never been easier as technology has opened up a whole…

Read More

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

by Paul Ducklin We’ll start with the important stuff: the widely awaited OpenSSL bugfixes announced last week are out. OpenSSL 1.1.1 goes to version 1.1.1s, and patches one listed security-related bug, but this bug doesn’t have a security rating or an official CVE number. We strongly recommend that you update, but the CRITICAL update that you will have seen in the cybersecurity media does not apply to this version. OpenSSL 3.0 goes to version 3.0.7,…

Read More

SHA-3 code execution bug patched in PHP – check your version!

by Paul Ducklin You’ve probably seen story after story in the media in the past week about a critical bug in OpenSSL, though at the time of writing this article[2022-11-01T11:30:00Z], no one covering OpenSSL actually knows what to tell you about the bug, because the news is about an update that is scheduled to come out later today, but not yet disclosed. We’ll be covering that bug once we actually know what it is, so…

Read More