Expert(s):
Solutions Architectfeature_status*/ ?>
Edgescan

Comments Dotted : 4
February 24, 2021

Expert Commentary On 30,000 Macs Infected With New Silver Sparrow Malware
Mac users are advised to update their operating systems and install an antivirus.

There is a misconception around Apple devices that they are not susceptible to malware infections, which is a myth that needs to be debunked. While it certainly makes sense for malware authors to target more popular OS types with greater frequency, there have been many examples of OS X-specific malware as well.

 

Mac users are advised to update their operating systems and install an antivirus. Apple devices are the same as any other piece of technology, they can be infected with malware and/or

.....Read More

There is a misconception around Apple devices that they are not susceptible to malware infections, which is a myth that needs to be debunked. While it certainly makes sense for malware authors to target more popular OS types with greater frequency, there have been many examples of OS X-specific malware as well.

 

Mac users are advised to update their operating systems and install an antivirus. Apple devices are the same as any other piece of technology, they can be infected with malware and/or viruses. Apps should also be updated regularly to ensure that the latest, safe version is installed, to avoid these becoming the entry vector for threat actors.

  Read Less
December 08, 2020

Experts On Major Security Flaw Found In Android TV – Consumers Be Warned
The root cause appears to be nearly the same: default credentials on an unspecified port.
This is very similar to how some of the Android BusyBox deployments got hacked in late 2016. This lead to a rapid increase in the scale and bandwidth utilised during DDoS attacks. The root cause appears to be nearly the same: default credentials on an unspecified port. Should these devices have this capability, who has access and why do they require access are questions that need to be asked. Previously the issue was on Telnet (port23 by default), with default credentials remaining from the.....Read More
This is very similar to how some of the Android BusyBox deployments got hacked in late 2016. This lead to a rapid increase in the scale and bandwidth utilised during DDoS attacks. The root cause appears to be nearly the same: default credentials on an unspecified port. Should these devices have this capability, who has access and why do they require access are questions that need to be asked. Previously the issue was on Telnet (port23 by default), with default credentials remaining from the rebranding and repacking of IoT devices, but not reconfiguring the devices themselves. There is very little information available on the TCL website related to configurations and exposures of these devices.  Read Less
November 24, 2020

Experts Commenting On Hacker Posts Exploits For Over 49,000 Vulnerable Fortinet VPNs
Organisation need to implement and enforce strong patching policies.
This vulnerability has been a known issue for nearly two years now. The list that this hacker has posted is not exhaustive, there may be many more organisations that have the same issues that are not included in the exploit dump. This year, ransomware has been rampant all over the globe, and this exploit is just another way for attackers to deliver their payloads. This is a one-line exploit, which means the attack is fairly simple to run, and any susceptible systems should be addressed,.....Read More
This vulnerability has been a known issue for nearly two years now. The list that this hacker has posted is not exhaustive, there may be many more organisations that have the same issues that are not included in the exploit dump. This year, ransomware has been rampant all over the globe, and this exploit is just another way for attackers to deliver their payloads. This is a one-line exploit, which means the attack is fairly simple to run, and any susceptible systems should be addressed, patched or taken offline immediately. Organisation need to implement and enforce strong patching policies. This needs to be coupled with strong asset management so it is understood exactly what needs to be patched and where the technology resides.  Read Less
October 05, 2020

Microsoft Excel spreadsheet error leads to major COVID UK stats mishap – cybersecurity experts have their say
Track and trace is very new for most countries.
In an ideal world, Excel would not be used to correlate the track and trace information. While Excel would be an excellent tool for this, it is missing some vital components that would make this viable in the long term. The main benefit of track and trace technology is rapidly being able to notify somebody of any potential exposures. I would speculate that PHE is looking to move to a more suitable technology that can provide more granular permissions for users who are creating, reading,.....Read More
In an ideal world, Excel would not be used to correlate the track and trace information. While Excel would be an excellent tool for this, it is missing some vital components that would make this viable in the long term. The main benefit of track and trace technology is rapidly being able to notify somebody of any potential exposures. I would speculate that PHE is looking to move to a more suitable technology that can provide more granular permissions for users who are creating, reading, updating, and deleting information on the current system. Excel may be used to refine the process for implementation into another more suitable technology. The main concerns are, who has access to the data, do they need access, is their access audited, and do they have access to only the data that pertains to them being able to perform their tasks in a timely manner. Track and trace is very new for most countries, there will be a bedding-in period where these questions must be answered.  Read Less