Last week, Joomla! released version 3.8.13 which included five security updates for the 3.x series of Joomla!. All five of the vulnerabilities addressed are part of the Joomla! application core. Although all of the vulnerabilities are considered low priority, Joomla! is encouraging users to update their applications as soon as possible to avoid possible compromise as a result of them being exploited. The vulnerabilities below were addressed:
Category: Cybersecurity News (Page 1 of 9)
SiteLock is hosting a free webinar and you’re invited! Join us LIVE on October 3, 2018 at 10 AM CST as we cover the lessons we’ve learned from a year of cybercrime. Learn from our SiteLock Web Security Research Analysts, Jessica Ortega, Ramuel Gall, and Topher Tebow, as they highlight three of our most popular cybersecurity topics from the past year.
Joomla! recently released version 3.8.12 which includes patches addressing three security vulnerabilities and several bug fixes. This is a security release that impacts all versions of the 3.x series of Joomla! applications and users are encouraged to update as soon as possible to avoid potential compromise.
FireFox and Chrome announced big changes last week with new ways they will be protecting our information. FireFox will begin to block tracking cookies by default, allowing users to have a better experience while web browsing. Google Chrome announced that starting in September 2018, users will be required to enable Adobe Flash every time the user wishes to use it, all in Chrome’s efforts to wean the public of Flash and force websites into the future.
Breaking news last week, the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. The bill will provide an avenue of resources and guidelines for small businesses to reduce their cybersecurity risks. Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices. A topic of importance came from Kryptowire, a mobile security research firm that found firmware vulnerabilities in as many as 10 million Android devices in the United States that have remote escalation privileges.
Making headlines last week, over 170,000 carrier-grade routers belonging to internet service providers were compromised. This caused websites being accessed through these routers to be injected with cryptomining malware. In other news, social media site Reddit suffered a data breach in June due to a circumented 2-factor authentication, allowing cybercriminals to access user data like email addresses, usernames, and passwords.
Decoding Security’s most recent episode, Cryptocurrency 101, brought insight into the elusive digital trend of cryptocurrency. Well, it is once again making headlines. Earlier this month, a 20-year old California college student was arrested for stealing over $5M in Bitcoin and other cryptocurrencies by hijacking more than 40 cell phone numbers. Also making cybersecurity news, inmates from five different Idaho Department of Correction facilities hacked tablets given to them for email, music, and games. By exploiting a vulnerability in the tablet’s software, they collected nearly $225,000 worth of credits to purchase various games and eBooks.
Many consider cryptocurrency to be the future of money since it eliminates disclosing personal financial information when purchasing goods and services online. So, what do you need to know? Security Analysts Jessica Ortega and Ramuel Gall highlight information you need to know about cryptocurrency and cryptojacking as you listen in this week.
We continue to hear about cyberattacks and data breaches around the world. Last week, the European retailer, Dixons Carphone, admitted to a huge data breach involving 5.9 million credit cards and 1.2 million personal data records. Meanwhile in the United States, net neutrality has officially been repealed. The rules that required internet service providers to offer equal access to all web content are no longer in effect as of June 11, 2018.