Apache needs a patchy! Carpe Diem, update now

Posted on April 6th, 2019 by Responsible Cyber

by John E Dunn

The maintainers of one of the world’s most popular web servers, Apache HTTP Server, have patched a critical vulnerability that could give an attacker a way to gain full ‘root’ admin control on Unix-based systems. Named ‘Carpe Diem’ by the researcher who discovered it, Ambionics engineer Charles Fol, techies might prefer […]

Patch now! Magento e-commerce sites targeted by SQLi attacks

Posted on April 5th, 2019 by Responsible Cyber

by John E Dunn

Cybercriminals are reportedly exploiting a critical flaw in the Magento e-commerce platform only days after it was made public by the researchers who discovered it. Scoring a 9.0 on CVSS, the bug doesn’t yet have a CVE number to identify it but Magento refers to its patching list as PRODSECBUG-2198 (the […]

Is your e-commerce site being used to test stolen card data?

Posted on March 30th, 2019 by Responsible Cyber

by John E Dunn

An unspecified weakness in some versions of the Magento e-commerce platform is reportedly being misused by carding criminals to surreptitiously test the validity of stolen, leaked or skimmed credit and debit cards. That’s according to news site ZDNet, which said it had seen an advisory from Magento which, frustratingly, doesn’t appear […]

As drones fill the skies, cybercriminals won’t be far behind

Posted on March 29th, 2019 by Responsible Cyber

by John E Dunn

For the longest time, drones looked like a good-news tech story that would transform aerial photography, disaster relief and parcel delivery. The world is still waiting to receive packages from the air (although UPS claims it’s started deliveries this week), which might be just as well because experts are having second thoughts. […]

Will the next version of Android get location privacy right?

Posted on March 15th, 2019 by Responsible Cyber

by John E Dunn

Better late than never, Google has confirmed that improved control over location tracking is one of several new privacy features in the next version of its mobile OS, Android Q, due to appear later this year. It’s an issue that’s been giving Google some grief in the last year as a […]

Update now! Microsoft’s March 2019 Patch Tuesday is here

Posted on March 14th, 2019 by Responsible Cyber

by John E Dunn

If you were among the millions of users who updated Chrome last week to dodge a zero-day exploit, Microsoft has something for you in this month’s Patch Tuesday – a fix for a separate flaw targeting Windows 7 that is being used as part of the same attacks. To recap, the […]

Citrix admits attackers breached its network – what we know

Posted on March 14th, 2019 by Responsible Cyber

by John E Dunn

On Friday, software giant Citrix issued a short statement admitting that hackers recently managed to get inside its internal network. According to a statement by chief information security officer Stan Black, the company was told of the attack by the FBI on 6 March, since when it had established that attackers […]

John Oliver bombards the FCC with anti-robocall robocall campaign

Posted on March 14th, 2019 by Responsible Cyber

by Maria Varmazis

Americans are fed up with robocalls, and John Oliver of Last Week Tonight wants to do something about it. Despite the existence of a do-not-call list and tools like call-blocking apps and caller ID to slow down incoming call spam, these tools have barely made a dent in the flood of harassing […]

Update now! WordPress abandoned cart plugin under attack

Posted on March 13th, 2019 by Responsible Cyber

by John E Dunn

Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce. According to a blog written by Mikey Veenstra of WordPress firewall company Defiant (formerly Wordfence), the attacks exploit a cross-site scripting (XSS) flaw in version 5.1.3, a plug-in designed to help site admins analyse […]

Nvidia patches eight security flaws in graphics products

Posted on March 1st, 2019 by Responsible Cyber

by John E Dunn

Chip maker Nvidia has released its first security update for 2019 (ID 4772), fixing eight CVE flaws in its Windows and Linux graphics display drivers. Users are advised to patch as soon as possible. The company scores the flaws using the Common Vulnerability Scoring System (CVSS) v3, which shows five with […]
