The vulnerability had to do with the social network’s “view as” feature.Source: Facebook breach put data of 50 million users at risk
Posts Tagged ‘Exploit’
The Breach didn’t compromise passwords, but was related to a secure token allowing someone to convince Facebook they were you. It also effected some other apps that use Facebooks services. Read more on the CNet link below.
Teams of software experts have discovered a bug in both Intel and AMD processors that can allow malicious code access to confidential information. Some patches are currently available, but not all aspects are fixable at the moment. This issue is serious and effects Microsoft Windows, Apple MacOS and Linux as well as as mobile devices Apple iOS and Google ChromeBooks. Basically anything with an Intel or AMD effected CPU. Keep up to date on your patches, Retire old Out of Service Operating systems. Yes people are still using XP, 2003, etc. It’s time for them to go away finally. No patches will come out for older OS making them just huge targets. Keep your OS and AV up to date or just ask us about RMM and WebRoot. Read more in the links below. https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html http://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/
Your (Fill in name of device here) is Not immune from attack. Even the iPhone. There are many vectors for attacking an iPhone. One that uses WiFi (scary) was recently patched. Update your iOS Device now. The iPhone is still my phone of choice and is much less susceptible to attack than say Android. But it like any other platform is still subject to attack. So the saying “semper vigilans” is a good rule where technology is concerned. Don’t trust unknown sources, networks, people, devices, cables, etc. This means Don’t let people play with your phone, don’t give out your pin, don’t connect to that Free hotspot, don’t plug into some unknown charging cable/port and ALWAYS stay up to date on your patches. If you don’t patch the holes that the experts work so hard to plug just become a bullseye for those looking for a weakness. Each flaw gets published and when it’s not repaired it’s almost a road map of how to compromise your device. Here are a few articles to get you started. the Register: No one still things iOS is invulnerable to malware, right? CBSNews about the WiFi Exploit: If you use Wi-Fi on your iPhone or iPad, get this security update
As I have said many times undisclosed vulnerabilities make EVERYONE susceptible to exploits. In an attempt to extort money, a group know as Shadow Brokers has acquired a bunch of hacking tools used by the NSA (and others?). These are a bit dated, but still very effective on Windows 7 to 2012. When no one would pay the hush money they demanded they decided to just start releasing them to the public. So now unpatched systems or ones with no current patch available can be fairly easily exploited. In layman terms someone you don’t like could have complete access to your computer. Install or run any software they wanted including key loggers, monitoring software, viruses or just download or delete your files. That’s not all either. Think you’re safe behind your firewall? There are also exploits for Cisco and VPN technologies. Read more on The Register. Remember to patch your systems or have us do it for you.
Cisco Talos today warned of a flaw in the X.509 certificate validation feature of Apple macOS and iOS that could let an attacker remotely execute code and steal information.Source: Cisco Talos warns of Apple iOS and MacOS X.509 certificate flaw
Using an approach that targets redundancy in cellular networks to provide backup routes for service a Hacker has determined how to intercept or perform DoS attacks on practically all LTE phone service. Read more on TheRegister.com:
Wondering about Padlock? You should! It’s touted as a “Serious Flaw” in SMB variations of which are used in Linux, Windows and yes even Mac. What does the flaw exactly do? We don’t know that yet. But the company that discovered the flaw has also been writing the effected code for the last decade. So the question is… Are they just finding one of their own mistakes now and using it as a marketing tool to draw more business. Either way, we won’t know until the details are released on April 12th. No word on wether or not software manufactures will have the patch available by then though. Read more on Wired Below.
A web site and logo created to draw attention to the mysterious bug is instead drawing criticism for the people who discovered the flaw.Source: Hype Around the Mysterious ‘Badlock’ Bug Raises Criticism
Do you feel safer now that the government can hack into your iPhone? You shouldn’t. 1 reason is that it did not invent this hack. It was discovered by an outside company. It is believed that it is from an Israeli firm, so not even US based. Will the government disclose this method to Apple or the people effected by it? Very Doubtful. This is like having a combination lock on your front door that an unknown number of people have the code too. Now do you feel safe? Read more on dailydot.com below.
‘We are in this together,’ said the FBI’s letter to local cops.Source: FBI offers its new iPhone hack to local law enforcement agencies
An Italian teen who we will call talented but irresponsible found and developed an exploit of Apple’s Mac OS. Talented in that he could find not just one but two in the relatively secure Mac OS. Irresponsible in that he published the details on GitHub only hours after notifying the software giant of his discovery. It is customary to allow the developer time to address and patch an issue before disclosing it to the world for every hacker to jump on and exploit. What he did by discovering the flaws is commendable. But by disclosing them without any adequate time for the developer (Apple) to respond is reckless and causes a large issue opening even more computers to hack attempts because of his rush to seek fame.
The exploit he developed yields root accessSource: Italian teen finds two zero-day vulnerabilities in OS X | Network World