Yale Privacy Lab has discovered hidden trackers in hundreds of popular Android apps that send app manufacturers your location, activity, and other personal info.
That Bluetooth Cayla doll and i-Que surveillance robot can be taken over by any creep within 9 meters who wants to talk to your kid.
12/05/2017 04:12 PM EST Original release date: December 05, 2017
As the holiday season begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.
US-CERT encourages users to review the US-CERT Tips on Holiday Traveling with Personal Internet-Enabled Devices and Cybersecurity for Electronic Devices. The suggested security practices in these tips will help travelers secure their portable devices during the holiday season and throughout the year.
12/07/2017 05:52 PM EST Original release date: December 07, 2017
Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.
US-CERT encourages users and administrators to review Microsoft’s Advisory and apply the necessary updates.
11/29/2017 05:04 PM EST Original release date: November 29, 2017
The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats.
The Turla group use a range of tools and techniques, many of which are custom. Using
their advanced toolkit, the Turla group compromise networks for the purposes of
intelligence collection. The Turla group is known to target government, military,
technology, energy and commercial organisations.
The Turla group has operated on targets using a rootkit known as Snake for many
years. Like Neuron and Nautilus, Snake provides a platform to steal sensitive data,
acts as a gateway for internal network operations and is used to conduct onward
attacks against other organisations.
US-CERT encourages users and administrators to review the NCSC advisory for more information.
12/06/2017 05:15 PM EST Original release date: December 06, 2017
Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:
- iOS 11.2
- macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan
- tvOS 11.2
- watchOS 4.2
12/06/2017 05:08 PM EST Original release date: December 06, 2017
Google has released Chrome version 63.0.3239.84 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.