CyberSecurity Updates

TikShock: Don’t get caught out by these 5 TikTok scams

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok? TikTok continues to shock us all by breaking records and widening its audience, yet unfortunately with such a broad reach, scammers inevitably remain not too far behind. In only six years it has become the dominant social media platform for sharing and viewing short videos and now boasts that viewers…

How to take control over your digital legacy

Do you have a plan for what will happen to your digital self when you pass away? Here’s how to put your digital affairs in order on Facebook, Google, Twitter and other major online services. There’s no easy way to put it: We’re all going to die. And once dead, why would we care about our social media presence? Sounds like the least important thing to consider at that point. But in fact, it isn’t.…

The spy who rented to me? Throwing the spotlight on hidden cameras in Airbnbs

Do you find reports of spy cams found in vacation rentals unsettling? Try these tips for spotting hidden cameras and put your worries to rest. Thanks to technology advances, travel has become faster, cheaper and more streamlined for many of us. We can book flights via smartphone apps, check in online, easily overcome language barriers and avoid getting lost. Finding somewhere to stay has also never been easier as technology has opened up a whole…

SHA-3 code execution bug patched in PHP – check your version!

by Paul Ducklin

You’ve probably seen story after story in the media in the past week about a critical bug in OpenSSL, though at the time of writing this article [2022-11-01T11:30:00Z], no one covering OpenSSL actually knows what to tell you about the bug, because the news is about an update that is scheduled to come out later today, but not yet disclosed. We’ll be covering that bug once we actually know what it is, so…

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

by Paul Ducklin

We’ll start with the important stuff: the widely awaited OpenSSL bugfixes announced last week are out. OpenSSL 1.1.1 goes to version 1.1.1s, and patches one listed security-related bug, but this bug doesn’t have a security rating or an official CVE number. We strongly recommend that you update, but the CRITICAL update that you will have seen in the cybersecurity media does not apply to this version. OpenSSL 3.0 goes to version 3.0.7,…

Azul detects Java vulnerabilities in production apps

Java services company Azul has unveiled Azul Vulnerability Detection, a SaaS product that leverages the Azul JVM to continuously monitor Java applications for security vulnerabilities. Azul Vulnerability Detection, introduced November 2, is an agentless cloud service designed for production use. It addresses enterprise risk around software supply chain attacks and eliminates false positives while not impacting performance, Azul said. Accessible from azul.com, Azul Vulnerability Detection identifies code running in the Azul JVM and maps it…

How to securely manage LAPS on a Windows network

Passwords have always been a pain point in securing computing infrastructure. Complexity and length are key components of a strong password, but both make it inherently difficult for a human to remember. Additionally, passwords should be changed periodically, which is fine when you’re working with a handful of devices, but when your network is distributed geographically with hundreds or thousands of computers, things get more complex. Fortunately, Microsoft has had a solution to this problem in the…

Netacea launches malicious bot intelligence service to help customers tackle threats

Cybersecurity vendor Netacea has announced the launch of a new Business Logic Intelligence Service (BLIS) designed to give customers actionable insight to help them tackle malicious bot activity and security threats. The firm said that the tiered, fee-based service will provide organizations with bot threat intelligence based on research including analysis of dark web forums and marketplaces. Earlier this year, the 2022 Imperva Bad Bot Report revealed an uptick in malicious bot activity driving online…

GAO report: government departments need dedicated leaders to oversee privacy goals

The US Government Accountability Office (GAO) released a comprehensive report in late September 2022 that discussed the need for dedicated privacy leadership within the departments and agencies of the executive branch of government if goals surrounding privacy are to be achieved. The report highlighted how this void in leadership was in essence putting at risk well-intentioned plans and procedures for protecting the personally identifiable information (PII) held within those entities. The GAO recommended that Congress…

OpenSSL Releases Security Update

Original release date: November 1, 2022

OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, “can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code…
