On Friday, 9/15/2017, VMware released patches for the ESXi Server, Workstation, and Fusion (Apple) hypervisors. The most serious issue, an out-of-bounds write vulnerability, exists in ESXi, and desktop hypervisors Workstation, and Fusion. An attacker could exploit the issue, which exists in a SVGA device, to execute code on the host O/S. This affects ESXi version […]
General
Top Attacking Countries: August 2017
The top three countries countries continue to be Russia, United States, and Ukraine. The US has moved into the top spot. China moved up two notches to #4. July 2017’s report can be found here.
Equifax Hacked
Holy crap, Batman! Yes, the company of last resort to protect your identity has just coughed it up. This breach included the Social Security Numbers of 143 Million Americans, a little less that half of the US population. Equifax reports that over 209,000 credit card numbers were stolen, along with identifying information (PCI) for 182,000 […]
Of NSA Vulnerability Disclosures and Cyber-Command
Wow. That’s a lengthy title that covers just about anything. Really, this is just a sounding-out of what’s been happening in the Spy business lately. Vulnerability Disclosure To start with, there’s a good read on Lawfare, entitled “No, the U.S. Government Should Not Disclose All Vulnerabilities in Its Possession“. It was written by Rick Ledgett, Deputy […]
Top Attacking Countries: July 2017
The top three countries (Russia, United States, Ukraine) remained the same when compared to WordFence’s June report here. China moved down a couple of notches. Israel moves into the top 20 for the first time.
BroadPwn Exploit: iOS and Android Updates
Worms have been less of a problem in the world today because of two security features: DEP (Data Execution Prevention): This marks memory segments as “non-executable”. Executable code inserted here from program faults, overflows, and what not, is not executed by the microprocessor. DEP has been in all Windows systems since XP SP2 in 2004. […]
Of SSL, Content Security, and Pesky Protocols
Sometimes we learn about protocols. Sometimes, we learn from protocols. The latter was the case for me as I set about evaluating various SSL/TLS website and Email test suites. SSL Online Test Suites The following three tools actually compliment each other, each providing unique functions not available in the other test suites. It is best […]
Verizon Wireless? Change your passwords.
The title of this post says it all; and it’s all over the news. NICE Systems, Ltd, an Israeli company, does backend call-center work for Verizon. In a project with Verizon, a cloud server from Amazon AWS S3 was used to store call center data in an effort to improve customer service. However, that data […]
Top Attacking Countries: June 2017
The US moved into the #2 spot, flip-flopping with the Ukraine at #3 when compare to Wordfence’s May summary:
Critical Patch Tuesday: 7/11/2017
Oh thank heaven, for 7/11? On a day where Slurpees are the norm, networks across the world were getting a bunch of patches from Microsoft. All told, Microsoft patched 54 vulnerabilities, 19 of them Critical, with one of the Critical fixes “in the wild“. All the the Critical patches were of the type that allowed […]