720-891-1663

What You Don’t Know Can Hack You

Optus, the second largest telecom vendor in Australia was hacked and the hackers want a million dollars in exchange for not selling the data on ten plus million people that they stole. Optus is being investigated over the breach by the Australian Federal Police. The hacker leaked sample data that appears to validate that the […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News for the Week Ending August 5, 2022

US Emergency Alert System Has a Minor Bug Homeland Security has issued an alert that there are critical vulnerability in the Emergency Alert System encoder and decoder devices. If left unpatched, it would allow a hacker to issue fake warnings of emergencies. The EAS is the nationwide alert system that is used to warn citizens […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News for the Week Ending June 3, 2022

FBI Warns US Colleges of Widespread VPN Credential Leaks – On Russian Crime Forums Here’s a shocker. Cybersecurity practices at US colleges and universities are not so good. According to an FBI PIN (Color WHITE, general distribution), Russian cybercrime forums are offering network and VPN credentials for sale for many US higher education institutions, some […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News for the Week Ending May 20, 2022

Flaw in uClibc Allows DNS Poisoning Attacks A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in milliosn of Internet of Things devices that will never be patched and will always be vulnerable. This is where […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Get Ready for NIST’s Software Supply Chain Security Guidance

As part of the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), NIST is required to do several things. among those are guides and standards for improving supply chain security and they have already released a number of draft documents related to their tasks. IF you sell to the executive branch, these will become […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Have You Adjusted Your Penetration Testing Strategy for the Cloud?

Hackers are targeting the cloud. Why? To paraphrase Willie Sutton, because that is where the data is. Historically, penetration testers gain access to network devices through the “perimeter defense” and then they move around (the so-called east-west movement) trying to get access to data, wherever it lives inside the network perimeter. But in the cloud, […]

Continue reading → [DISPLAY_ACURAX_ICONS]