by Scott Muniz | Oct 22, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Versions of a popular NPM package named ua-parser-js was found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.
CISA urges users and administers using compromised ua-parser-js versions 0.7.29, 0.8.0, and 1.0.0 to update to the respective patched versions: 0.7.30, 0.8.1, 1.0.1
For more information, see Embedded malware in ua-parser-js.
by Scott Muniz | Oct 21, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Critical Infrastructure (CI) owners and operators, and other users who obtain Coordinated Universal Time (UTC) from Global Positioning System (GPS) devices, should be aware of a GPS Daemon (GPSD) bug in GPSD versions 3.20 (released December 31, 2019) through 3.22 (released January 8, 2021).
On October 24, 2021, Network Time Protocol (NTP) servers using bugged GPSD versions 3.20-3.22 may rollback the date 1,024 weeks—to March 2002—which may cause systems and services to become unavailable or unresponsive.
CISA urges affected CI owners and operators to ensure systems—that use GPSD to obtain timing information from GPS devices—are using GPSD version 3.23 (released August 8, 2021) or newer.
For more information, see Keeping Track of Time: Network Time Protocol and a GPSD Bug.
by Scott Muniz | Oct 21, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Software. An authenticated local attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review Cisco Advisory cisco-sa-sd-wan-rhpbE34A and apply the necessary updates.
by Scott Muniz | Oct 20, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Google has released Chrome version 95.0.4638.54 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.
by Scott Muniz | Oct 20, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Has Amazon contacted you to confirm a recent purchase you didn’t make or to tell you that your account has been hacked? According to the FTC’s new Data Spotlight, since July 2020, about one in three people who have reported a business impersonator scam say the scammer pretended to be Amazon.
These scams can look a few different ways. In one version, scammers offer to “refund” you for an unauthorized purchase but “accidentally transfer” more than promised. They then ask you to send back the difference. What really happens? The scammer moves your own money from one of your bank accounts to the other (like your Savings to Checkings, or vice versa) to make it look like you were refunded. Any money you send back to “Amazon” is your money (not an overpayment) — and as soon as you send it out of your account, it becomes theirs. In another version of the scam, you’re told that hackers have gotten access to your account — and the only way to supposedly protect it is to buy gift cards and share the gift card number and PIN on the back. Once that information is theirs, the money is, too.
Here are some ways to avoid an Amazon impersonator scam:
- Never call back an unknown number. Use the information on Amazon’s website and not a number listed in an unexpected email or text.
- Don’t pay for anything with a gift card. Gift cards are for gifts. If anyone asks you to pay with a gift card – or buy gift cards for anything other than a gift, it’s a scam.
- Don’t give remote access to someone who contacts you unexpectedly. This gives scammers easy access to your personal and financial information—like access to your bank accounts.
Have you spotted this scam? Report it at ReportFraud.ftc.gov.
If you think someone has gotten access to your accounts or personal information, visit IdentityTheft.gov. There, you’ll find steps to take to see if your identity has been misused, and how to report and recover from identity theft.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments