It’s been a busy week at Oracle. The company has recently released a massive flurry of patches that fix a staggering 136 security issues for a wide range of the products it sells. This release comes in tandem with the decision to switch from CVSS 2.0 to CVSS 3.0 (the Common Vulnerability Scoring System).
The change is significant because the switch to the more up to date CVSS changes the way security issues are rated, on balance, increasing the severity level of known issues.
Last year, an IoT (Internet of Things) security firm called Bastille Networks uncovered an attack from an unexpected vector. Hackers can actually take control of your wireless mouse, which has no on-board security, and use the device to spoof keyboard inputs to the computer it is attached to.
Are you still using single factor authentication in your business? If so, you are taking an unnecessary risk. If the only thing standing between the hacking community and your company’s data is a password, then no matter how robust those passwords might be, it’s just a matter of time before someone slips up, and your system is breached.
Toy manufacturing giant Mattel was recently the target of a whaling scam that could have been both highly embarrassing and extremely costly, if not for a single stroke of luck.
If you’ve not heard the term, “whaling” is a subset of the phishing scams that hackers commonly run, with the key distinction being that whaling scams tend to target high level executives of a given company on the thinking that a bigger target tends to yield a bigger prize.
More problems for the Adobe Flash player, and a new type of hacking attack that security experts are referring to as “Typosquatting.” If you’ve not yet heard the term, you’re not alone, but you can bet that it will be making headlines in the months ahead.
If you have Apple QuickTime installed on a Windows-based PC, you should uninstall it immediately. In a public statement issued on 4/14/2016, the US-CERT recommends the removal of QuickTime for Windows. Apple announced that they’re no longer supporting the product in any way, including issuing security updates.
The statistics are both shocking and dismaying. Even in the face of innumerable high profile data breaches, people still aren’t serious about personal data security. In fact, a shocking 95% of people admit to sharing between one and six passwords with friends.
“What’s old is new again.”
The simple truth is that tastes and trends seem to repeat. We’ve seen it countless times in the world of fashion, and now, we’re seeing something similar in the hacking community.
Over the past year or so, hackers around the world have come to rely increasingly on a type of malware called “ransomware,” which encrypts all the files on your computer, requiring you to send money (typically in the form of Bitcoin) if you want your files unlocked.
The hacking community seems to have found another viable business model, this time, in the form of ransomware. Given the success that hackers have been finding with this type of attack lately, they’ve upped their game, and have begun to experiment with and vary their approach when getting ransomware onto target machines.
If you use Google Chrome, you might have the “Better History” extension installed. If you do, and you’ve upgraded it recently, you’ve probably seen a large influx of advertising on your screen. Yes, you guessed it, hackers have found yet another avenue of attack, this time, co-opting browser extensions.
