December 2016 – A Look Back at 2016

Cyber security has been in the spotlight once again in 2016 so as the year draws to a close we take a look back at our past stories and wonder, have lessons been learned and will security be a priority in 2017?

[…]

March 2016 – Ransomware – The Evolving Threat

Cyber-extortion and blackmail are not new, but cyber-criminals have just about perfected their techniques of extracting money from the masses through the use of ransomware.

Businesses rely on data stored on their PCs, mobile devices and the cloud more and more each day – not necessarily important enough to make sure it is backed up reliably, but certainly enough to panic when criminals encrypt their data and then offer a decryption key at a price. […]

Samba

Samba Security Updates Address Badlock Vulnerabilities

The Samba Team has released security updates that address vulnerabilities, collectively known as Badlock, affecting both Windows operating systems and Samba in UNIX-like platforms. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system or create a denial-of-service condition. Users and administrators are encouraged to review Samba Release News Read more about Samba Security Updates Address Badlock Vulnerabilities[…]

Adobe Releases Security Updates for Acrobat, Reader, and Digital Editions

Original release date: March 08, 2016 Adobe has released security updates to address multiple vulnerabilities in Acrobat, Reader, and Digital Editions. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins APSB16-09 and APSB16-06 and apply the Read more about Adobe Releases Security Updates for Acrobat, Reader, and Digital Editions[…]

Apple Releases Security Update

Original release date: March 09, 2016 Apple has released a security update for Windows 7 and later to address a vulnerability in Apple Software Update. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators should review the Apple security website for Software Update 2.2 and apply Read more about Apple Releases Security Update[…]

ISC Releases Security Updates for DHCP Server

Original release date: March 07, 2016 Internet Systems Consortium (ISC) has released security updates to address a vulnerability in versions of ISC Dynamic Host Configuration Protocol (DHCP) server. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updated versions of ISC DHCP (4.1-ESV-R13 and 4.3.4) will be available soon, and Read more about ISC Releases Security Updates for DHCP Server[…]

HTTPS Vulnerability

SSLv2 DROWN attack could compromise TLS

Security researchers have discovered a new weakness that could allow attackers to spy on encrypted communications between users and one in three HTTPS servers. Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability – referred to as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) in public reporting – may allow a remote attacker to obtain the private key of a server supporting SSLv2.

[…]

Drupal

Drupal Releases Security Updates

Original release date: February 24, 2016 Drupal has released updates to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. Available updates include: Drupal core 6.38 for 6.x users Drupal core 7.43 for 7.x users Drupal core 8.0.4 for 8.0.x users Users and Read more about Drupal Releases Security Updates[…]

ASUS

FTC Shares Security Tips for ASUS Wireless Routers

Original release date: February 23, 2016 | Last revised: February 24, 2016 The Federal Trade Commission (FTC) has provided network security tips for vulnerable ASUS-branded wireless routers. Major security flaws in these routers may have exposed customers’ sensitive information to malicious actors. FTC urges consumers to download the latest security updates for their routers and Read more about FTC Shares Security Tips for ASUS Wireless Routers[…]