
Security News Bites for the Week Ending July 28, 2017

Zip Slip Vulnerability Affects Thousands of Projects

Researchers discovered a flaw in almost all zip-style file decompressors – RAR, TAR, 7ZIP-APK and others. The problem is caused by a very old attack vector called directory traversal that these libraries do not handle correctly. The decompressor libraries were likely downloaded from places like GitHub and Stack […]


Homeland Security Warns of Enterprise Systems Hacking

Enterprise Resource Planning (ERP) systems are quickly becoming a popular target of hackers.  It used to be that these systems were on private networks behind firewalls, but as companies move to the cloud and include their vendors and subcontractors in their ERP systems, the systems are becoming more public. More public means easier to hack. […]


Secure Software Development Lifecycle Process Still Lacking

In late 2015 Juniper announced that it had found two backdoors in the router and firewall appliances that it sells.  Backdoors are unauthorized ways to get into these systems in a way that bypasses security.  Kind of like going around to the back of the house and finding the kitchen door unlocked when no one […]


Third Party (Vendor) Cyber Risk Management Rears its Ugly Head AGAIN!

This seems to be a recurring topic, but it doesn’t seem to be getting any better, so I will leap back into the fray. Last month Ticketmaster announced they had a breach and they led people to believe that it was isolated and that it had something to do with their software. According to RiskIQ, […]


What Happens When Your Firewall Loses the War and Joins the Other Side?

Cisco released an announcement that a high severity vulnerability affecting many Cisco ASA firewalls and Firepower security appliances has a proof of concept available in the wild. This means that even amateurs can take that code, modify it a bit and successfully either force your firewall to reboot randomly or steal credentials from that […]


IoT is Going to Set Security Back a Decade, at Least

Axis Communications, the Swedish maker of high-end security cameras (up to $1,000 each), announced patches to seven vulnerabilities that affect almost 400 camera models. Axis is not some cheap Chinese knockoff; these are well-respected cameras used in businesses the world over. The vulnerabilities, discovered by the security firm VDOO, come with in-depth […]
