Don’t just pay attention to the man behind the curtain, tear the curtain down and burn it. That’s been the general sentiment among the InfoSec community on Twitter this past week in the wake of the discovery of multiple vulnerabilities intentionally built into the popular pipdig Power Pack (P3) plugin. I could easily write 3,000 words digging into the code, but that’s been covered incredibly well already by other researchers. Instead, I’m going to focus more on the effects of this situation, and on how we as a security-minded community can make a difference going forward.
Category: Cybersecurity News (page 1 of 9)
The popular e-commerce CMS platform, Magento, announced multiple security updates to their commerce and open source versions on March 26, 2018. More than 250,000 active Magento installations are affected by this security flaw, including versions 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.
If cybercriminals were creating illegitimate websites to impersonate your brand and steal victims’ information—would you shut down those sites if you could?
That’s exactly what Microsoft did when it took control of 99 websites that Iranian hackers used to try to steal sensitive information from targeted victims, namely United States employees in the public and private sectors. According to Microsoft, the hackers “specifically directed” their attacks on government agencies in Washington.
California has a history of creating legislation that creates a ripple effect that affects consumers in other states. While the laws only affect California, they often push companies into adopting the rules broadly – for example, California’s strict auto emissions standards have been adopted in 16 other states since 2004. “What California does definitely impacts the national conversation,” says state Senator Scott Wiener. As the home of some of the biggest names in technology, it’s no surprise that California’s legislators are especially concerned about cybersecurity. In 2018 alone, California has passed several laws that legislators hope will inspire other states – and ultimately, Congress – to pass cybersecurity laws that better address the issues of our time. However, these laws have also attracted criticism from tech companies, cybersecurity experts, and the Federal Government. These laws may come to affect you, which is why we’ve created this guide.
Last week, Joomla! released version 3.8.13 which included five security updates for the 3.x series of Joomla!. All five of the vulnerabilities addressed are part of the Joomla! application core. Although all of the vulnerabilities are considered low priority, Joomla! is encouraging users to update their applications as soon as possible to avoid possible compromise as a result of them being exploited. The vulnerabilities below were addressed:
SiteLock is hosting a free webinar and you’re invited! Join us LIVE on October 3, 2018 at 10 AM CST as we cover the lessons we’ve learned from a year of cybercrime. Learn from our SiteLock Web Security Research Analysts, Jessica Ortega, Ramuel Gall, and Topher Tebow, as they highlight three of our most popular cybersecurity topics from the past year.
Joomla! recently released version 3.8.12 which includes patches addressing three security vulnerabilities and several bug fixes. This is a security release that impacts all versions of the 3.x series of Joomla! applications and users are encouraged to update as soon as possible to avoid potential compromise.
Firefox and Chrome announced big changes last week with new ways they will be protecting our information. Firefox will begin to block tracking cookies by default, allowing users to have a better experience while web browsing. Google Chrome announced that starting in September 2018, users will be required to enable Adobe Flash every time they wish to use it, all in Chrome’s efforts to wean the public off Flash and force websites into the future.
Breaking news last week: the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. The bill will provide an avenue of resources and guidelines for small businesses to reduce their cybersecurity risks. Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices. A topic of importance came from Kryptowire, a mobile security research firm that found firmware vulnerabilities in as many as 10 million Android devices in the United States that could allow remote privilege escalation.
Making headlines last week, over 170,000 carrier-grade routers belonging to internet service providers were compromised. As a result, websites accessed through these routers were injected with cryptomining malware. In other news, social media site Reddit suffered a data breach in June after its 2-factor authentication was circumvented, allowing cybercriminals to access user data like email addresses, usernames, and passwords.