We all have S3 Buckets, don’t we? Dark Reading has a good tutorial on how to secure your bucket, including access AND encryption: https://www.darkreading.com/edge/theedge/how-to-prevent-an-aws-cloud-bucket-data-leak–/b/d-id/1337093
General
Tech Support Scams
Jared Hall General No Comments
So, in the first week in December, I got a call from a number listed as being from “Seattle, WA”. I was greeted by a gentleman with an East-Indian accent: Caller: “Hello. This is Samir from Microsoft Tech Support. I’m here to help you with your login problem.” Me: “I have no login problems.” Caller […]
Apple Fixes Critically Stupid Error in High Sierra
Jared Hall General No Comments
ZDNet broke a story about a critical error in macOS 10.13.0, 10.13.1 (current), and 10.13.2 Beta. The issue is that the system allows login of the “root” user, with no password. Simply wake up the Mac, go to the logon screen, and select “Other User”. Enter a username of “root” with a blank password. Enjoy the […]
Update Your Dahua NVR & IP Cameras
Jared Hall General No Comments
Positive Technologies has outdone themselves. They have discovered a critical vulnerability in Dahua IP Cameras and NVR systems and have documented it here. CERT has a good write-up available as well. I’ve always liked Dahua because of their relatively low cost and durability. Their cameras and NVRs are built like brick houses. There are software […]
Intel Inside? Better get it out!
Jared Hall General No Comments
Alas, poor Intel. What a mess you’ve made. On November 17, 2017 I wrote an article describing the work Positive Technologies had done in researching the Intel Management Engine and discovering the NSA’s HAP (High Assurance Program) boot mode. They found a bunch of flaws in the Intel architecture which has the industry buzzing. The […]
Hacking VoIP Phones
Jared Hall General No Comments
Business Insider has an interesting article on how they were able to attack and exploit Cisco VoIP phones. After all, as they point out, what is a VoIP phone? It’s a computer with a microphone! Their article can be viewed here: http://www.businessinsider.com/hackers-can-turn-office-phone-into-remote-listening-device-cybersecurity-hack-cisco-spying-tap-2017-11 Yes, your VoIP phones fall squarely into the category of Internet of Things. and […]
New VMware Vulnerabilities
Jared Hall General No Comments
VMware has fixed critical vulnerabilities, releasing these versions: Horizon View Client 4.6.1, Workstation Pro 12.5.8, Workstation Player 12.5.8, Fusion Pro / Fusion 8.5.9. These address issues ranging from Client O/S being able to run commands on the Host O/S, crashing Client VMs (Virtual Machines), and unprivileged users crashing their VMs. Note that Workstation 14.X and Fusion 10.X versions […]
Microsoft Security Bulletin: Quakbot and Emotet Trojans
Jared Hall General No Comments
Earlier this month, Microsoft released a security bulletin with comprehensive information about the Quakbot and Emotet Banking Trojans. They released their own variant of this malware’s Kill Chain. To guard against this problem, Microsoft has two solutions: (1) Use Advanced Threat Protection (ATP) with Office 365/Exchange Online email services, and (2) Activate the Windows Defender […]
Patch Tuesday: November 2017
Jared Hall General No Comments
Microsoft’s Patch Tuesday for this month includes 53 updates. There are four Zero-Days fixed, although no known exploits for these exist in the wild.
CVE-2017-8700 (ASP.NET Core information disclosure)
CVE-2017-11827 (Microsoft browser memory corruption)
CVE-2017-11848 (Internet Explorer information disclosure)
CVE-2017-11883 (ASP.NET Core denial of service)
The Dot.Net fixes always present some challenges for business customers. […]
Intel AMT/ME, MINIX, and NSA’s HAP
Jared Hall General, Spy vs. Spy No Comments
MINIX (Mini-Unix) is a micro-kernel O/S based upon AT&T’s 1979 release of Unix Version 7. It was developed by Andrew Tanenbaum in 1987 for use on PC platforms. Version 7 is significantly older than AT&T’s Unix System 5 Release 3/Release 4 variants that are the basis for most Unix, Linux, and BSD systems today. However, […]