The US moved into the #2 spot, flip-flopping with the Ukraine at #3 when compare to Wordfence’s May summary:
Critical Patch Tuesday: 7/11/2017
Jared Hall General, Microsoft Windows No Comments
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild“. All the the Critical patches were of the type that allowed […]
Debate: Technology, Privacy, and Law Enforcement
Jared Hall General, Internet Security, Spy vs. Spy No Comments
Wow. So, I’m trolling through TV channels and I came across a great debate on CSPAN on July 8th. It was originally aired live on June 6, 2017. The CSPAN broadcast can be found here. The debate was sponsored by Intelligence Squared, and their podcast of the debate can be found here. The Debate Question: […]
2017 HIPAA Violations: Lessons Learned
Introduction I’ve put together a brief list of reported HIPAA violations through 2017. Key points are listed below: Encrypt and password-protect any portable hard drives, laptops, cell phones, digital cameras, and any removable piece of medical equipment. Don’t upset the HIPAA Gods. You have 60 days from breach to when a customer receivers a […]
The Six Phases of a Project or Upgrade
This always brings a smile to my face: ENTHUSIASM Your idea has sparked into a full-fledged project. Woo Hoo! DISILLUSIONMENT Other organizations want their issues addressed by your project. There’s countless meetings. Well, it started out as a simple idea. Bummer. PANIC Bad scheduling, lack of resources, and incomplete follow-through occurs, and massive resources have […]
WordPress and Joomla Updates
Jared Hall General, WordPress No Comments
There were two bugs discovered and fixed in the popular WordPress “WP Statistics” plugin. The first one is a SQL Injection vulnerability that could be exploited by a local, low-privileged user, like a “Subscriber” account. A SQL Injection attack could allow that subscriber to be able to add an “Administrator” account. About the time that […]
Android Users Rejoice!
Jared Hall Android No Comments
As I’ve written elsewhere, Apple iPhones typically have a longer lifespan than Android phones because of Apple’s ability to provide updates. Android’s biggest security problem has been the inability to get timely updates, including critical fixes. Effective July 2017, Google’s “Project Treble” is starting. Project Treble is planned to be a mainstay of the […]
The CIA’s CherryBlossom WiFi Exploits
Jared Hall Internet Security, Spy vs. Spy No Comments
On June 15th, 2017, WikiLeaks provided more “Vault 7” dumps detailing a CIA WiFi router hacking program dubbed “CherryBlossom“. The WikiLeaks dumps can be found here. CherryBlossom is a WiFi router exploitation program designed by the CIA as part of a larger program, “CherryBomb“. A tool called “Claymore” is used to identify WiFi devices. It […]
Inside CIA’s OutlawCountry Linux Hack
Jared Hall Internet Security, Spy vs. Spy No Comments
Last week, in June 2017, Wikileaks released more “Vault 7” documents detailing an exploit of Redhat Enterprise 6 and derivatives (CentOS 6). The exploits loads the Netfilter module into the kernel and then creates hidden iptables rules that perform network traffic redirection. The redirection is based upon DNAT (Destination Network Address Translation) rules. Wikileaks posted […]
Skype: Critical Vulnerability Patched
Jared Hall General, Microsoft Windows No Comments
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Criticial Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]