This web page provides current information about cyber security vulnerabilities and threats to computer software, networks, and internet security.
Visit my Cyber Security Page for information about Cyber Crime.
TCP and networking stacks have recently been shown to leak various types of information via side channels to a blind off-path attacker. Johannes Ullrich of the SANS Internet Storm Center provides detailed insight into this issue, which was published in a University of California, Riverside paper by Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel.
tags: Off-Path TCP Exploits, Johannes Ullrich, SANS Internet Storm Center, Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, Lisa M. Marvel, University of California, Riverside
The SANS Securing The Human Creating a Cyber Secure Home poster walks families through the five key steps on how to create a cyber secure home. What makes this poster so powerful is that these are the same secure behaviors that most organizations want employees to exhibit at work. SANS Securing The Human, a division of the SANS Institute, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their human cybersecurity risk.
tags: SANS Creating a Cyber Secure Home, Securing The Human, security awareness
Famed car hackers Charlie Miller and Chris Valasek have taken their remote hack of a Jeep Cherokee to the next level by controlling the accelerator, brakes, steering, and electronic parking brake at driving speeds. During Black Hat 2016 in Las Vegas, Miller and Valasek reverse-engineered the electronic control unit (ECU) firmware, which communicates via the unsecured CAN bus in short messages. In a nutshell, they tricked the Jeep’s controls by impersonating messages. They basically took the ECU offline and impersonated real traffic to force it to follow their instructions, whether that was to accelerate or to turn the steering wheel 90 degrees.
tags: Jeep Cherokee remote hack, Miller and Valasek, Black Hat Las Vegas 2016, hacking
A DLL hijacking vulnerability is present in the VMware Tools Shared Folders (HGFS) feature running on Microsoft Windows. Exploitation of this issue may lead to arbitrary code execution with the privileges of the victim. There are no known workarounds for this issue.
tags: VMware Tools, Windows, vCenter Server, ESXi, HTTP header injection
Ranscam deletes a victim's computer files and then demands a ransom to restore them, threatening to delete them otherwise. Yes, in that order. Ranscam further justifies the importance of ensuring that you have a sound, offline backup strategy in place rather than a sound ransom payout strategy.
tags: Ranscam, Cisco Talos, Crypto-ransomware, malware, ransomware
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks.
tags: Adobe, Flash Player critical vulnerabilities, CVE-2016-4171, APSB16-18, Windows, Macintosh, Linux, ChromeOS
Apps on Google Play carry Viking Horde, a new malware family that makes Android devices send out spam, send SMS messages to premium-rate numbers, download additional malicious apps, and participate in DDoS attacks as part of a botnet that uses proxied IP addresses. Viking Horde has passed through Google Play scans undetected.
tags: Google, Google Play Apps, Viking Horde Malware, Viking Jump Botnet
The Symantec Anti-Virus Engine is susceptible to a memory access violation. The most common symptom of a successful attack would be a Blue Screen of Death (BSOD).
tags: Symantec, Symantec Anti-Virus Engine, 20126.96.36.199, CVE-2016-2208
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
tags: Adobe, Adobe Flash Player, Adobe PDF Reader, Adobe Cold Fusion, APSB16-15, CVE-2016-4117
Wendy’s investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores.
tags: Wendys credit card breach