by Scott Muniz | Apr 15, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System (DNS) implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Internet of Things (IoT), operational technology (OT), and information technology (IT) devices. A remote attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Forescout Research Labs and JSOF Research Labs report NAME:WRECK Breaking and Fixing DNS Implementations and Forescout NAME:WRECK web page for more information, including recommended mitigations.
by Scott Muniz | Apr 14, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities. APT groups often use elaborate social engineering and spear phishing schemes to trick victims into running malicious code through malicious links and websites.
CISA recommends cybersecurity practitioners to guard against this specific APT activity and review the following reports for more information:
Additionally, CISA strongly encourages cybersecurity practitioners use sandbox environments that are isolated from trusted systems or networks when examining untrusted code or websites.
by Scott Muniz | Apr 13, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Google has updated the stable channel for Chrome to 89.0.4389.128 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome release and apply the necessary changes.
by Scott Muniz | Apr 13, 2021 | Security, Technology
This article is contributed. See the original author and article here.
SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the SAP Security Notes for April 2021 and apply the necessary updates.
by Scott Muniz | Apr 13, 2021 | Security
This article was originally posted by the FTC. See the original article here.
When it comes to scammers, nothing is sacred — including the bond between grandparent and grandchild. Lately, grandparent scammers have gotten bolder: they might even come to your door to collect money, supposedly for your grandchild in distress.
These kinds of scams still start with a call from someone pretending to be your grandchild. They might speak softly or make an excuse for why they sound different. They’ll say they’re in trouble, need bail, or need money for some reason. The “grandkid” will also beg you to keep this a secret — maybe they’re “under a gag order,” or they don’t want their parents to know. Sometimes, they might put another scammer on the line who pretends to be a lawyer needing money to represent the grandchild in court.
But, instead of asking you to buy gift cards or wire money (both signs of a scam), the scammer tells you someone will come to your door to pick up cash. Once you hand it over, your money is gone. But you might get more calls to send money by wire transfer or through the mail.
To avoid these scams and protect your personal information:
- Take a breath and resist the pressure to pay. Get off the phone and call or text the person who (supposedly) called. If you can’t reach them, check with a family member to get the real story. Even though the scammer said not to.
- Don’t give your address, personal information, or cash to anyone who contacts you. And anyone who asks you to pay by gift card or money transfer is a scammer. Always.
- Check your social media privacy settings and limit what you share publicly. Even if your settings are on private, be careful about what personal identifiers you put out on social media.
If you lost money to this kind of scam, it was a crime, so file a report with local law enforcement. And if you get any kind of scam call, report it at ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments