Apple Fixes Multiple macOS, iOS Bugs Including a Quirky FaceTime Vulnerability

Security updates across all Apple platforms released alongside its new products.

Square, PayPal POS Hardware Open to Multiple Attack Vectors

Popular card readers like Square and PayPal have various flaws that allow attacks ranging from fraud to card data theft.


Two unrelated sextortion crimes committed months apart and hundreds of miles away from each other illustrate the dangers of compromising personal photos being in the wrong hands.

IoT Flaw Allows Hijacking of Connected Construction Cranes

An attacker can send spoofed commands to the crane’s controller.

National Cybersecurity Awareness Month: Staying Secure

Original release date: October 30, 2018

National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not. NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge.

X.Org Flaw Allows Privilege Escalation in Linux Systems

The issue impacts many large distros with GUI interfaces.

SB18-302: Vulnerability Summary for the Week of October 22, 2018

Original release date: October 29, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …

PoC Attack Leverages Microsoft Office and YouTube to Deliver Malware

Microsoft has been notified, but no patch is yet available.

DemonBot Fans DDoS Flames with Hadoop Enslavement

An unsophisticated but effective botnet is targeting exposed cloud servers and racking up millions of infections.

FTC Releases Cyber Resources for Small Businesses

Original release date: October 25, 2018

The Federal Trade Commission (FTC) has released new cyber resources for small businesses, including non-profit and charity organizations. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help smaller organizations protect their network and information. NCCIC encourages small businesses and consumers to review FTC’s Cybersecurity Resources for Non-Profits article, FTC’s Cybersecurity for Small Business web page, and NCCIC’s Resources for Small and Midsize Businesses web page for more information. …