Hot on the heels of last week’s Patch Tuesday – the Apple updates have come out. This article from SANS Internet Storm gives a comprehensive review of the updates across Apple’s range of products: Apple Updates Everything – SANS Internet Storm Center These updates include patches for at least three …
Code Supply Chain Compromise
It is a while since I have written about the issue of compromising code in software repositories being an attack vestor for threat actor bit it has not gone away. Malicious Microsoft VSCode extensions steal passwords, open remote shells (bleepingcomputer.com) Software and web developers everywhere will access code from these …
We do not use RDP…
…and neither should you. RDP is Microsoft’s remote desktop protocol and enables a user at one computer to take over a remote computer – you are all familiar with the concept, and I am sure you used it. However the technology is old and full of security holes and no …
Apple’s report into how it stops App Store crimes
I choose not to call them scams but crimes. The Apple App Store is well curated, that is one of Apple’s selling points for its products – the added security this curation brings. But of course, the threat actors are always looking for ways to squeeze past this curation. Apple …
Continue reading “Apple’s report into how it stops App Store crimes”
Why even small offices need to check their hardware
You may not be targeted but a vulnerable and then compromised small office router modem would be a step along the way for a bigger attack by Chinese hackers: Research reveals a malicious firmware implant for TP-Link routers, linked to Chinese APT group (checkpoint.com) This is why your network hardware, …
Continue reading “Why even small offices need to check their hardware”
