Healthcare Data Breach Exposes 1.3 Million Patients

August 30, 2022

Do you make use of the "MyChart" portal to refill prescriptions, contact your healthcare providers or make appointments? If so, you should know that recently, the healthcare giant Novant disclosed a data breach that impacted more than 1.3 million patients. Impacted patients had their personal information collected by a Meta Pixel ad tracking script. Meta Pixel, which was formerly known as Facebook Pixel, is a mostly innocuous tracking script used by Facebook advertisers to track the performance of their ads.

LastPass Has Been Hacked

August 29, 2022

Using different passwords on every website and storing them in a secure password manager is a standard best practice in data security. It's generally good advice, but what happens when the makers of password vaults get hacked? That's what the more than twenty-five million users of LastPass are now finding out. LastPass is one of the largest password vaults in the world, and unfortunately, that makes it a tempting target for hackers everywhere.

New Tools Available With Kali Linux 2022.3

August 27, 2022

Do you have the Kali Linux distribution running on one of the machines you own? If you're not sure what that is, then you almost certainly don't. Kali is a Linux distro used mostly by "ethical hackers" who use it mainly to perform security audits, cybersecurity research, penetration testing and the like. Offensive Security has recently released an update to the distribution, 2022.3, which adds a raft of improvements including but not limited to:

Microsoft Releases PoC Code For MacOS App Sandbox Vulnerability

August 26, 2022

MacOS features a powerful sandbox restriction that helps keep modern Apple computers safe by limiting how code can run on the system. Unfortunately, no system is bullet proof. There's a way that a determined attacker could bypass sandbox restrictions and execute malicious code arbitrarily. Engineers at Microsoft discovered the vulnerability, and independent security researcher Arsenii Kostromin discovered it independently. Both groups responsibly disclosed their findings to Apple and the Microsoft team released the technical details along with a proof of concept that demonstrates how it works.

Lenovo Models Affected By Medium Severity Vulnerabilities

August 25, 2022

If you own a Lenovo laptop, be aware that researchers at ESET have recently discovered a trio of bugs reported to Lenovo that could allow an attacker to disable security features and hijack your operating system. The issues are tracked as CVE-2022-1890, CVE-2022-1891, and CVE-2022-1892 and are all classed as medium severity level. The first of these is an issue in the ReadcyBootDxe driver used in some of Lenovo's products, while the other two are overflow bugs in the SystemLoadDefaultDxe driver.

Microsoft 365 Suggests Rollback After Issues From Update

August 24, 2022

Does your company use Microsoft 365? If so, and you've noticed that your Office apps have begun to crash mysteriously and inexplicably, be aware that the latest update (build 15330.20298) is the culprit. Unfortunately, the bug was introduced in the Enterprise channel during the company's regularly scheduled "Patch Tuesday." The error manifests itself when users try to open a contact card or hover over a contact's name or picture in shared documents, emails, or comments.

IoT Security With Microsoft Defender

August 23, 2022

The Internet of Things (IoT) has seen explosive growth in recent years. If you like, you can now build your own smart home with intelligent toasters, washing machines, dishwashers, and refrigerators. They are all connected to your home network, and they all make vast amounts of data available to you at your fingertips. Unfortunately, security is slim to non-existent on most of these "smart" devices. We've seen botnets enslave those smart devices and put them to use in a wide range of malicious ways.

Hackers Use VoIP Systems To Install PHP Web Shells

August 22, 2022

Security researchers at Unit 42, a division of Palo Alto Networks, have been tracking the efforts of a massive campaign aimed at Elastix VoIP telephony servers. They are used by companies of all shapes and sizes to unify their communications, and it is especially attractive because it can be used with the Digium phones module for FreePBX. So far, the team has collected more than half a million malicious code samples over a three-month period.

Google Experiences International Outage

August 20, 2022

"Just Google it." You've probably heard that phrase a thousand times. In fact, you may use it yourself on a regular basis. Unfortunately, Googling it wasn't possible recently. The iconic search giant went dark across broad swaths of the world and simply could not be accessed at all for thirty 34 very long minutes. It was a very strange experience, fumbling through the internet without Google to guide the way.

Apple Users Will Want To Update As Soon As Possible

August 19, 2022

Do you own a device running macOS Monterey 12.5.1, or iOS/iPadOS 15.6.1? If so, you'll want to download and install the latest patches as soon as possible. Apple recently released a small but critical security update aimed at fixing a pair of serious vulnerabilities that could allow an attacker to execute arbitrary code on an unpatched device. The two issues addressed by this patch are tracked as CVE-2022-32894 and CVE-2022-32893.

Contact

Network Revolution

Social Media