Cisco Wireless Device Vulnerability Receives Patch Via Update After 6 Months Since Its Discovery
zdnet.com- Author: Liam Tung - Date: February 28th, 2019
Cisco has released an update this week that patches a vulnerability that targets its wireless VPN and firewall routers. The vulnerability allows an attacker to execute code through the web interface that is used to manage their wireless devices. However, it took Cisco six months to put out this critical update. Knowledge of the existence of this vulnerability has been known by security researchers for six months. The vulnerability is now fixed in software versions 184.108.40.206 for RV110W Wireless-N VPN Firewall, 220.127.116.11 for RV130W Wireless-N Multifunction VPN Router, and 18.104.22.168 for the RV215W Wireless-N VPN Router.
Discovery of BMC Vulnerabilities Place ‘Bare-Metal’ Customers Data At Risk
arstechnica.com- Author: Dan Goodin - Date: February 26th, 2019
Security Researchers from the security firm Eclypsium plan to publish a paper about how Baseboard Management Controllers (BMC) vulnerabilities threaten premium cloud services provided by providers such as IBM. The premium service examined known as ‘bare-metal’ cloud computing allows customers to safely store sensitive data on a server. The service also allows customers to purchase time to dedicated physical servers for as long as needed and are then returned to the cloud provider. After the servers are returned they are then wiped to allow them to be safely used by another bare-metal customer. Eclypsium’s research shows that BMC vulnerabilities would allow a customer to leave a backdoor that remains active even after the server is reassigned. This backdoor leaves the new customer open to the risk of data theft, DOS attacks, and ransomware.
New Phishing Campaign Targets Instagram Profiles For Ransom
darkreading.com- Author: Jai Vijayan - Date: February 28th, 2019
Popular Instagram profiles have recently been targeted by Turkish-speaking hackers in a new phishing campaign to hijack accounts from the affected victims. Researches from Trend Micro has on Thursday reported that they have recently seen several incidents where the group has been taking control over Instagram Profiles for ransom in exchange for monetary compensation or nude photos or videos. The profiles that have been hijacked belong to people who have between 15,000 and 70,000 followers. Trend Micro also reports that the victims range from famous Instagram personalities to owners of small businesses.
Encryption Technology Creates a Veil for Bad Actors and Malware
darkreading.com - Author: Curtis Franklin Jr. - Date: March 1st, 2019
Bad actors have turned to using the same protective technology of encryption to hide their tracks when they are conducting malicious activity. In a majority of cases, the organizations that control the encrypted network tunnels are not doing enough to find out exactly what is going on inside their tunnels. Security Vendor Gigamon ATR reports that encryption is being used by Emotet, LokiBot, and TrickBot for their campaigns. It is recommended that the organizations who provide encryption services make an effort to have better processes and technologies in place to monitor any suspicious activity in their encrypted tunnels.
Cobra Keeps ATM In India "Safe" and Secure
Newsflare - Date: February 25th, 2019
In India, one of the best ways to keep ATM machines secure from potential bad actors is to have Cobras perched on top of the machine guarding the money inside. I am kidding of course, but at a local ATM, a man was withdrawing money when he noticed the Cobra perched on top of the machine. It was reported that he ran out in panic and people soon gathered.
Click on the link below to watch the full video!