Securing ICS Networks from USB Threats

Ken HigginsVulnerabilitiesLeave a Comment

The Cybersecurity and Infrastructure Security Agency (CISA) has long warned about threats facing the industrial control systems of critical infrastructure operators in manufacturing, energy, water management, aerospace, and other key public and private sectors. In addition to advising regular backups of all system and configuration data, the agency urges organizations to identify, minimize and secure all network connections to ICS. … Read More

SHAREit App Puts Android Users At Risk

Philip BaderVulnerabilitiesLeave a Comment

A report released this week by IT security company Trend Micro announced the discovery of several critical security vulnerabilities in a mobile app for Android devices called SHAREit. The app, which has been downloaded more than a billion times on Google Play, bills itself as the fastest cross-platform file-sharing app in the world. Trend Micro said the vulnerabilities could allow … Read More

Android App Update Hijacks Millions of Devices

Philip BaderVulnerabilitiesLeave a Comment

Users of a popular Android app with more than 10 million downloads discovered recently that the previously trustworthy app had become a delivery platform for fraudulent ads. Malwarebytes posted recently about their analysis of forum patron complaints relating to the Barcode Scanner app created by LavaBird LTD and until recently available on Google Play. The Barcode Scanner app billed itself … Read More

Google Patches Active Zero-Day Chrome Exploit

Philip BaderVulnerabilitiesLeave a Comment

If you use the Google Chrome web browser, don’t wait for your next automatic update. Do it manually, and do it now. The new release includes a security patch for what Google described as a heap buffer overflow in V8 in a blog post on February 4. This memory corruption vulnerability, dubbed CVE-2021-21148, was discovered by a researcher late last … Read More

Google Finds New Windows, Android Exploits

Philip BaderVulnerabilitiesLeave a Comment

Google’s Project Zero team this week published the results of an investigation into attacks that targeted Android and Windows devices in the early months of 2020. The team posted its results in a six-part blog post. The team said the attack was conducted by “a highly sophisticated actor.” The Project Zero team described two exploit servers–one targeting Windows users, and … Read More