
Security News for the Week Ending December 18, 2020

Data from employment firm Automation Personnel Services Leaked

Automation Personnel Services, a provider of temporary employment services, found 440 gigabytes of their data leaked on the dark web. The poster says that it includes payroll, accounting and legal documents. The data was leaked because the company refused to pay the ransom. When asked if the […]


SolarWinds Breach Keeps Getting Better

Well, maybe better is not the right word. Quick catch-up for those of you who are not following this. The Russians hacked the software update process for the high-end network management software called Orion from SolarWinds. This software is typically used by large enterprises and government agencies. This hack gave them access […]


The Strategy is “Wait to get Hacked and then Panic”

As millions upon millions of IoT and Industrial IoT devices get deployed every month, we seem to have forgotten what we learned the hard way about our computers: if we don’t patch them, the hackers will invade. #1: A set of bugs called Urgent/11 affected a network module that has been around since the 90s […]


Security News for the Week Ending December 11, 2020

Researchers Hack Apple Successfully

Between July and October, good-guy hackers worked on a side project to hack Apple. The results were impressive – if you are not Apple. 55 vulnerabilities found, 11 critical and 29 high. Apple paid the team a bug bounty of $288,000. The compromise would have exposed a lot of Apple’s internal […]


SBoM is NOT a Four Letter Word

I have been ranting about Software Bills of Material or SBoM for a while. This week I have two examples of why this is important – even critical. The first story is about a TCP/IP network stack and the vulnerability is called Amnesia:33. It impacts four open source libraries – uIP, FNET, picoTCP and Nut/Net. […]
