When It Comes To IoT Security, Liability Is Muddled

The onus behind IoT security has become so muddled that no one knows who to point fingers at.

“Unbreakable” Smart Lock Tapplock Issues Critical Security Patch

Researchers were able to discover a way to hack the device in less than an hour.

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control”

The IP cameras have a slew of bugs allowing bad actors to control them, add them to a botnet, or render them useless.

FTC, Partners Help Small Businesses Stop Scams

Original release date: June 18, 2018 The Federal Trade Commission (FTC) has launched Operation Main Street, an effort with the Better Business Bureau (BBB) and law enforcement to educate small business owners on how to stop scams targeting their businesses. Accordingly, FTC released Scams and Your Small Business, a guide for businesses detailing how to avoid, identify, and report scams. NCCIC encourages business owners and other consumers to review the FTC article and NCCIC’s Resources for Small and Midsize Businesses. …
Read More »

SB18-169: Vulnerability Summary for the Week of June 11, 2018

Original release date: June 18, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

U.S. Intelligence Cautions World Cup Travelers on Mobile Use

World Cup travelers should leave their mobile phones, laptops and tablets behind.

Dixons Carphone Cyberattack Targets 5.9M Bank Cards

Dixons Carphone said it discovered a massive cyberattack on its processing systems that targeted millions of payment cards and personal data records.

Two Bugs in WordPress Tooltipy Plugin Patched

The bugs include a reflected cross-site scripting glitch and a cross-site request forgery vulnerability.

Microsoft Reveals Which Bugs It Won’t Patch

A draft document lays out its criteria for addressing various flaws and notes the exceptions.

ISC Releases Security Advisory for BIND

Original release date: June 13, 2018 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to obtain sensitive information. NCCIC encourages users and administrators to review the ISC Knowledge Base Article AA-01616 and apply the necessary workarounds. This product is provided subject to this Notification and this Privacy & Use policy.