When users hear or read “SSH” (the acronym stands for Secure SHell) they expect it to be just that – a secure shell from your physical location to wherever the destination computer may be; and “secured” in terms of requiring authentication and verification of messages. The programming libraries that support SSH include OpenSSH and libssh among others. In recent news, the … [Read more...]
October’s Microsoft and Adobe Patches – Daily Security Byte
You guys know the drill by now. Tuesday was both Microsoft and Adobe's Patch Day, during which they release all their scheduled security updates for the month. This month includes all the normal Microsoft software (Windows, Office, IE, etc.), as well as Adobe Flash Player and some other less common Adobe products. Watch our Byte below to learn more details, but be sure to visit … [Read more...]
Google Fortfight – Daily Security Byte
Epic Games and Fortnite are in InfoSec news again, but this time for a security faux pas. Epic released Fortnite for Android independently, without using Google's Play marketplace. Google researchers, in turn, quickly found a security vulnerability in this installer, and responsibly disclosed it to Epic. While this flaw is fixed, Epic seems to have an issue with how quickly … [Read more...]
Foreshadow, the Latest Intel-Specific Vulnerability
Intel’s Core and Xeon line of processors are prone to another major speculative execution flaw named “Foreshadow,” alternatively called L1 Terminal Fault or L1TF. This attack could allow attackers to gain access to sensitive data stored in a computer’s memory or 3rdparty Clouds, which includes files, encryption keys, pictures, or even passwords. Speculative execution refers to … [Read more...]
New Apache Struts RCE Vulnerability – Daily Security Byte
Remember the Equifax breach? That breach was caused by a just previously disclosed remote code execution (RCE) vulnerability in Apache Struts. Guess what! There's another one. In today's video, I warn you about a newly disclosed RCE vulnerability in Apache Struts, which was discovered by a security research from Semmle. If you use Apache Struts, you're going to want to patch … [Read more...]
