
Another Open Source Software Supply Chain Issue

Let's combine all the possible cyber risk concerns into one sentence. A bug in an open source library used by major IoT vendors is raising the spectre of software supply chain/vendor risk management issues for all developers. The vendor in question is Axis Communications. Whether you know it or not, you have seen their security cameras across the country including […]


Why The Software Supply Chain is The Rhinoceros Head in the Corner

As if Yahoo didn’t have enough trouble, it apparently was using a third-party software library called ImageMagick which had a serious security bug in it. The library, which is used to manipulate images, is very widely used. Or at least, it was. Some people say that it has not aged well. Security researcher Chris […]


Newly Discovered Windows Bad Tunnel Attack Has Been Around For 20 Years

A Chinese researcher has “discovered” a Windows flaw which affects all versions of Windows released in the last 20 years. It does not require installing malware and it can be executed silently with near-perfect success. While no one seems to be saying this, I wonder if the Chinese have known about this attack for […]


7-Zip Flaws Reveal Soft Underbelly of the Software Supply Chain

Do you use 7-Zip?  Do you even know what it is?  One of the challenges that businesses and consumers have is that, like sausage, they often do not know what is in the software that they use.  As a result, they could be diligent about applying patches and still be exposed to hackers. In this […]


OpenSSL: Here We Go Again

UPDATE: The details are out. The issue is that under certain circumstances, a hacker could get OpenSSL to accept an HTTPS certificate that is fraudulent. This does not affect the major browsers, but rather the second- and third-tier software that uses SSL behind the scenes. Likely, you don’t even know all the places that […]


Millions Of Routers And Other Products Vulnerable To NetUSB Bug

Another day, another software supply chain exploit. This time, Zyxel and D-Link have confirmed that their routers have the bug, but researchers think products from Netgear, TP-Link, Trendnet and other vendors are vulnerable. Already 90-plus products from more than 20 vendors have been potentially identified as vulnerable. Only TP-Link has announced a patch. The […]
