720-891-1663

Researchers Find 20 Bugs in Samsung IoT Controller

In the ongoing saga of IoT security (The score is bad guys: a whole bunch, good guys: not very many), the bad guys continue to win. Researchers analyzed Samsung’s house management hub called SmartThings and found 20 problems. The researchers, part of Cisco, said that the attacks are complex and require the attackers to chain […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News Bites for the Week Ending July 28, 2017

Zip Slip Vulnerability Affects Thousands of Projects Researchers discovered a flaw in almost all zip-style file decompressors – RAR, TAR, 7ZIP-APK and others. The problem is caused by a very old attack vector called directory traversal that these libraries do not handle correctly. The decompressor libraries were likely downloaded from places like Github and Stack […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Homeland Security Warns of Enterprise Systems Hacking

Enterprise Resource Planning (ERP) systems are quickly becoming a popular target of hackers.  It used to be that these systems were on private networks behind firewalls, but as companies move to the cloud and include their vendors and subcontractors in their ERP systems, the systems are becoming more public. More public means easier to hack. […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Secure Software Development Lifecycle Process Still Lacking

In late 2015 Juniper announced that it had found two backdoors in the router and firewall appliances that it sells.  Backdoors are unauthorized ways to get into these systems in a way that bypasses security.  Kind of like going around to the back of the house and finding the kitchen door unlocked when no one […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Third Party (Vendor) Cyber Risk Management Rears its Ugly Head AGAIN!

This seems to be a recurring topic, but it doesn’t seem to be getting any better, so I will leap back into the fray. Last month Ticketmaster announced they had a breach and they led people to believe that it was isolated and that it had something to do with their software. According to RiskIQ, […]

Continue reading → [DISPLAY_ACURAX_ICONS]