A scan of more than 14 million websites that support the SSL/TLS protocols (sites using HTTPS: ) found that more than 36% of them were vulnerable to these “Freak” decryption attacks.
Essentially, an infected web site using certain versions of SSL can be manipulated to downgrade the high level encryption keys to a more easily exploited version and after discerning the keys, the hacker can figure out how to “see” all communication in plain text and then manipulate the communication to their advantage.
If you’d like to see a list of reported hacked websites by Freak click here. https://freakattack.com/
Google said an Android patch has already been distributed to partners.
Apple also responded to the FREAK vulnerability and released a statement that, "We have a fix in iOS and OS X that will be available in software updates next week." Microsoft is publishing an update as well.
Midlothian
Police Dept. pays Cryptoware Ransom to get their data back
Recently, the police department of Midlothian, Illinois paid a ransom of over $600 in Bitcoins to an unknown hacker after being hit by the popular ransomware attack. Cryptoware disabled a police computer in Midlothian — located south of Chicago — by making it inaccessible through its file-encryption capabilities and forced the police department to pay a ransom in order to restore access to the important police records proving that it can happen to anyone!
Ticked-off
Hackers Exact Their Revenge on Lenovo for Superfish Vulnerability
Users visiting the Lenovo.com website saw a teenager's slideshow of photos and the hacker also added the song "Breaking Free" from High School Musical movie to the website page background.
It was revealed last week that Lenovo had been pre-installing the controversial 'Superfish' adware to its laptops which compromised the computer's encryption certificates to quietly include more ads on Google search. It appears that the Lizard Squad hacking group is responsible for the cyber-attack against Lenovo and it could be in retaliation to the Superfish malware incident.
Forbes Magazine reported today that hacking suspects in the
DoD and Yahoo attacks and an alleged Lizard Squad Member were arrested by
police in the UK. As many as 56 individuals were arrested over the last
week, as part of a crackdown led by London-based National Crime Agency (NCA) on
a range of cybercrimes.
If you pay attention to hacking and exploit news, you’ll see
3 apps or modules pop up time after time. It’s very important that you
keep all of your utilities and apps updated but these 3 are the most commonly
exploited because they are used on almost every computing device out
there. Here are the current versions for each of them. If you’re
not using these versions, you should consider running updates for them.
The one qualifier I would add
before you do that is – make sure that you’re not running a program or web app
that requires an older version and might not support the upgraded
release. If you have such a situation, you may want to impress upon that
vendor the need to upgrade their software to meet current standards.
Javascript -
version 1.8.5
Adobe Acrobat Reader - version XI (11.0.10)
Adobe Flash Player – version 16.0.0.305 (for Windows, iOS and Chrome)
Adobe Acrobat Reader - version XI (11.0.10)
Adobe Flash Player – version 16.0.0.305 (for Windows, iOS and Chrome)
Are you using a D-Link Router?
D-Link has begun to push out
firmware updates for some of its home routers, to address three separate
vulnerabilities that could allow remote code injection via access to the local
area network, perform DNS hijacking, or exploit chipset utilities in the router
firmware that expose configuration information. The company said in an
advisory that it will release several updates between now and March 10. The
most critical flaw is a “ping” issue, which opens the door for all kinds of
nefarious activity, according to the researchers that first discovered it.
Attention Seagate NAS Owners!
Thousands of Seagate Network Attached Storage (NAS) devices
are vulnerable to a zero-day remote code execution (RCE) vulnerability that
allows attacker to remotely get unauthorized root access to the drives.
Late last year security researcher OJ Reeves quietly notified Seagate that
their Business Storage 2-Bay NAS products had a firmware vulnerability.
Seagate still hasn’t issued a firmware fix, so Reeves has now publicly
disclosed the bug.
We
hope that you find this information useful. If you don’t want to receive
these alerts any more, just Reply to this e-mail with the word UNSUBSCRIBE in
the subject.
Thanks,
Jeff Hoffman and your
friends at ACT Network Solutions
Security, Data Protection and
Network Management are our specialtiesACT Network Solutions
Delivering Innovative IT Solutions for over 26 Years
700 Industrial Drive, Suite
H Cary, IL
60013
No comments:
Post a Comment