As I’ve written elsewhere, Apple iPhones typically have a longer lifespan than Android phones because of Apple’s ability to provide updates. Android’s biggest security problem has been the inability to get timely updates, including critical fixes. Effective July 2017, Google’s “Project Treble” is starting. Project Treble is planned to be a mainstay of the […]
The CIA’s CherryBlossom WiFi Exploits
On June 15th, 2017, WikiLeaks provided more “Vault 7” dumps detailing a CIA WiFi router hacking program dubbed “CherryBlossom“. The WikiLeaks dumps can be found here. CherryBlossom is a WiFi router exploitation program designed by the CIA as part of a larger program, “CherryBomb“. A tool called “Claymore” is used to identify WiFi devices. It […]
Inside CIA’s OutlawCountry Linux Hack
Last week, in June 2017, Wikileaks released more “Vault 7” documents detailing an exploit of Redhat Enterprise 6 and derivatives (CentOS 6). The exploits loads the Netfilter module into the kernel and then creates hidden iptables rules that perform network traffic redirection. The redirection is based upon DNAT (Destination Network Address Translation) rules. Wikileaks posted […]
Skype: Critical Vulnerability Patched
The German security firm, Vulnerability Lab, found a bug with stack buffer overflows in Skype. This vulnerability can cause Skype to crash. It can also allow for Remote Code Execution. The vulnerability is listed on the CVE (Criticial Vulnerabilities and Exposures) database as: CVE-2017-9948. The exploit revolves around image processing of the Windows clipboard, and […]
HIPAA: Product Sunsets
The following products have reached End-Of-Life and cannot be used for any HIPAA or PCI/DSS compliant entities: Windows Vista: 04/11/2017 Exchange Server 2007: 04/11/2017 The following products will reach End-Of-Life on 10/10/2017: Microsoft Office 2007 Microsoft also released a statement stating that they will not support interconnection from any Non-TLSv2 device. These include: Microsoft XP/Vista […]
Mobile Device/Smartphone Security
This post has been sprung off as a separate page. It can be found here: https://www.jaredsec.com/mobile-devicesmartphone-security-tips/
Windows 10S: Microsoft Bogus Claims
Microsoft claims that it’s new version of Windows 10, “Windows 10S” is impervious to malware attacks. Frankly, I thought this was a ludicrous claim. Nothing has perfect security. As I’ve always recast and said, “Security is a compromise“. So, I found this article from ZDNet and thought I would share it with you. This is a summary […]
Fortinet: Mapping the Ransomware Landscape
Fortinet has released a good Executive Summary entitled “MAPPING THE RANSOMWARE LANDSCAPE“. This provides a pretty good overview of today’s ransomware problems. Grim Statistics: Ransomware infected 30K to 50K devices monthly $850M was paid out to Ransomware attacks in 2016 Ransomware is underreported. Fewer than 1 in 4 report the attack 63% of organizations experienced […]
Fortinet: Guide To The Threat Landscape
There have been a lot of data dumps lately by Bitdefender, Palo Alto Networks, and Fortinet. Fortinet provided this document, entitled “A SECURITY LEADER’S DEFINITIVE GUIDE TO THE THREAT LANDSCAPE“. It is a good read. A brief summary is provided below: 1. THE INTERNET OF THINGS Experts predict that by 2020 there will be […]
WordFence Advisory: Continued TR-069 Exploits
WordFence issued an advisory about continued Brute-Force login attempts from infected Home Routers. Their original post is here. This exploit was originally discovered by Checkpoint Software and is called “Misfortune Cookie”. An attacker can send specially crafted HTTP cookies that can alter the router’s system state, tricking the router into treating the session as […]