A mal-doer with physical access to a locked Windows 10 computer can use a Cortana bug and let the mal-doer change password on a locked computer. The latest patch Tuesday fixed this issue. Anyone using windows 10 should update as soon as possible.
D-Link DIR-620 routers contains a backdoor account was discovered by Kaspersky Lab researchers. Firmware that was found to have the backdoor are 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22. D-Link have no plans to update the firmware due to the age of the router. If you have one of the DIR-620 I would not … Continue reading D-Link Backdoor
Chili's reported that malware had breached its payment system and stolen credit card and debt card information. Breach happened between March to April 2018. Incident disclosure from Chili's
California DMV uses convergepay for credit card processing. I just ran a check of that site on SSL Labs to check the certificate and security and the grade was a C. This server is vulnerable to the POODLE attack. There is no support for secure renegotiation This server does not support Forward Secrecy with the … Continue reading California DMV
Unless you know for sure that you are going to use UPnP (universal plug and play), always disable it on your router. With UPnP turned on your inviting every one to your router.
I Don't Internet of Things According to Darktrace, in 2017 a casino in North America was hacked and 10GB of high roller data was leaked. The hacker got into the casino network through a IOT device. The IOT device in question is the thermostat in the fish tank that's in the casino's lobby area. Always … Continue reading IDIOT
If you do a search in Bing for "chrome download" you will be presented with a link that will take you to a bad download site. The Chrome installer that you get from the bad site will have virus and malware. When downloading any software one should always go directly to the delevper's site.
Three good sites that you can use to check any website to see how secure it is: SSL Labs can be used to check site certificate and provides a security grade. Virus Total can be used to check how clean a web site or a file is. Fake spot can be used to check how … Continue reading Web Check
Not all VPN service providers are created equal. There are a few that were found recently to have IP leak and other issues. A researcher has put together a list of VPN that he tested here (list is incomplete due to limited funds). His article can be found here. Personally I use ProXPN, Tunnel Bear, … Continue reading VPN
A hacker group has made $75,000 by installing Moreno miner in Linux servers by exploiting a five year old vulnerability. Rule #1: Patch your OS and software Rule #2: When in doubt refer to rule #1