Frank Crast, Author at Securezoo

5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions

Cybercrime, Cybersecurity Articles, Regulations & Laws, Standards & Guidelines / Frank Crast / April 5, 2020 / CVE-2017-5638, Cybercrime, Cybersecurity, Framework, FTC, law

Several years ago, the Federal Trade Commission (FTC) released a good video that is still highly relevent today. The video explains how companies can leverage NIST’s Cybersecurity Framework to greatly improve security in their organization. In this article, we highlight the five key tenants from the framework and how they could have possibly prevented FTC action and penalties.

5 Good Cybersecurity Lessons Learned From FTC Law Enforcement Actions Read More »

FBI warns of video-teleconferencing hijacking “Zoom-bombing”

Cybersecurity Attacks, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 4, 2020 / Cisco, Webex, Zoom, Zoom-bombing

As the COVID-19 crisis continues to spread, larger numbers of enterprises and learning organizations are moving meetings and classrooms online via video-teleconferencing (VTC) platforms. The FBI has issued a new warning of recent VTC attacks and also offered guidance on how to better security VTC platforms.

FBI warns of video-teleconferencing hijacking “Zoom-bombing” Read More »

Firefox security update (74.0.1) patches two zero-day critical vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 4, 2020 / CVE-2020-6819, CVE-2020-6820, Firefox, Mozilla

The Mozilla Foundation released a new security update for Firefox 74.0.1 that patches two zero-day Critical vulnerabilities (CVE-2020-6819 and CVE-2020-6820) under active attack.

Firefox security update (74.0.1) patches two zero-day critical vulnerabilities Read More »

APT41 launches broad cyber campaign with multiple exploits

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 1, 2020 / APT41, Citrix, CVE-2019-1652, CVE-2019-1653, CVE-2019-19781, CVE-2020-10189, RV320, RV325, Zoho

Researchers from FireEye have discovered Chinese cyber threat group APT41 carry out a broad cyber campaign between January 20 and March 11, 2020. The actors have attempted to exploit vulnerabilities in Citrix NetScaler/ADC, Cisco routers, and Zoho ManageEngine Desktop Central products against 75 FireEye customers.

APT41 launches broad cyber campaign with multiple exploits Read More »

Google releases Chrome security update (80.0.3987.162)

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 1, 2020 / Android, Chrome, Chrome 80, CVE-2020-6450, CVE-2020-6451, CVE-2020-6452

Google has released Chrome 80.0.3987.162 for Windows, Mac and Linux, as well as a new version of Chrome for Android.

Google releases Chrome security update (80.0.3987.162) Read More »

GE third party data breach exposes employee personal data

Data Breach, Third-Party Security / Frank Crast / March 27, 2020 / Canon, Data Breach, GE, General Electric, third party

In a breach notification letter posted online, General Electric (GE) said one of their service providers Canon Business Process Services experienced a data breach last month. The breach exposed certain personal data on past and present GE employees, as well as their beneficiaries.

GE third party data breach exposes employee personal data Read More »

Upgrade now: Apple security updates for iOS 13.4, macOS Catalina 10.15.4 and other products

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / March 25, 2020 / Catalina, iOS, iOS 13.4, macOS, Safari, tvOS

Apple has released security updates for iOS 13.4, macOS Catalina 10.15.4, Safari 13.1 and other products.

Upgrade now: Apple security updates for iOS 13.4, macOS Catalina 10.15.4 and other products Read More »

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated)

Security Updates & Patches, Zero-days / Frank Crast / March 24, 2020 / Adobe, ATM Library, CVE-2020-1020, Microsoft, PostScript, RCE, Zero-day

Microsoft has issued a new security advisory for two remote code execution (RCE) vulnerabilities in Adobe Type Manager (ATM) Library exploited in the wild. Microsoft also published several workarounds to reduce risk until a patch is rolled out.

Microsoft issues advisory for two zero-day RCE vulnerabilities exploited in the wild (updated) Read More »

Drupal patches third-party library CKEditor vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / March 20, 2020 / CKEditor, CVE-2020-9281, CVE-2020-9440, Drupal

Drupal has released a critical security update to address third-party library CKEditor XSS vulnerabilities in Drupal 8.7.x and 8.8.x.

Drupal patches third-party library CKEditor vulnerabilities Read More »

Google releases Chrome security update (80.0.3987.149)

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / March 19, 2020 / Android, Chrome, CVE-2019-20503, CVE-2020-6422, CVE-2020-6424, CVE-2020-6425, CVE-2020-6426, CVE-2020-6427, CVE-2020-6428, CVE-2020-6429, CVE-2020-6449

Google has released Chrome 80.0.3987.149 for Windows, Mac and Linux, as well as a new version of Chrome for Android. The update addresses 13 security fixes to include 9 High severity vulnerabilities.

Google releases Chrome security update (80.0.3987.149) Read More »