ZDNet has reported that a security flaw in libssh “leaves thousands of servers at risk of hijacking.” (CVE-2018-10933) This was a well written article. However, we believe Catalin Cimpanu, the author, understated the actual risk to organizations when he said “most servers, IoT devices, and personal computers [use the non-vulnerable] openssh instead of libssh.” Read more “Vulnerable libssh Embedded Into Critical IoT”
Medical IoT Devices Named Top Security Threat
Last week our content manager, Mindy Affrime, sent me an article about the risks associated with Medical IoT Devices. The article caught my attention because of the author. It was published by the Cyber Security Engineering Department at the University of San Diego. The article names four areas they believe “will be particularly vulnerable to cyber attack[s]” in 2017. Read more “Medical IoT Devices Named Top Security Threat”
Split Tunnel SMTP Exploit Explained
Published: May 23, 2017
Security Research By: Vikas Singla & Jason Morris
Executive Summary:
Exploit:
The Split Tunnel SMTP Exploit allows an attacker to bypass an organization’s email security gateway and inject messages with malicious payloads directly into the victim’s email server. This exploit targets a newly discovered vulnerability in popular Email Encryption appliances as a backdoor. Injectable payloads can include anything that supports MIME encoding including:
- Ransomware
- Macro Viruses
- Password Protected ZIP Files
- Phishing Attacks