Back from vacation!
Getting right back to work, catching up on all the things :-) Enjoy!
Breaches and leaks
- Hosting provider Hostinger breached, affecting 14 million customers: link.
- Company behind Foxit PDF Reader announces security breach: link.
- Mastercard reports data breach to German and Belgian DPA's: link.
- New York school district infected by ransomware, paid $100.000: link.
It could lead to remote code execution. No exploit has been seen yet though, and I think you'd still have to get through the sandbox? But still, better make sure you have the latest.
It allows anyone on the internet to bypass the login for an IOS XE device without the correct password. Patch em if you got em.
Researchers warn that the WS-Discovery protocol can readily be abused for DDoS attacks, which are in fact already a weekly occurrence. It seems it has the potential for an amplification factor of over 300.
They took control of the command & control servers of the Retadup botnet, ordering the malware to delete itself from over 850.000 Windows systems. Kudos.
They couldn't let Firefox have all the glory right? :-)
The deadline is January 14, 2020. Better start looking into this if you're still on Windows 7.
More EOL news! The deadline here is January 1st, 2020. Good to keep on your radar.
Good reminder to check your records for orphaned entries.
I mean, it obviously has issues. But depending on the company I can see it making sense. Simple and rather effective.