exploits | Smart Thinking Solutions

14 December 202214 December 2022

December’s Microsoft Patch Tuesday

SANS Internet Storm Diary has a comprehensive report on Microsoft’s Patch Tuesday: Microsoft December 2022 Patch Tuesday – SANS Internet Storm Center Here is the Microsoft release page: December 2022 Security Updates – Release Notes – Security Update Guide – Microsoft The Microsoft report gives much more information on the …

Continue reading “December’s Microsoft Patch Tuesday”

3 August 20225 August 2022

Cybersecurity and Infrastructure Security Agency exploited vulnerability advisory. How this type of mistake can impact your cyber security and steps to protect yourself.

The US Cybersecurity and Infrastructure Security Agency has added a new vulnerabilities to it’s Known Exploited Vulnerabilities Catalog. CISA Adds One Known Exploited Vulnerability to Catalog | CISA This is an interesting issue, as credentials had been hard coded into the application: “Atlassian Questions For Confluence App has hard-coded credentials, …

Continue reading “Cybersecurity and Infrastructure Security Agency exploited vulnerability advisory. How this type of mistake can impact your cyber security and steps to protect yourself.”

28 June 202228 June 2022

Cybersecurity and Infrastructure Security Agency exploited vulnerability advisory

The US Cybersecurity and Infrastructure Security Agency has added eight new vulnerabilities to it’s Known Exploited Vulnerabilities Catalog. CISA Adds Eight Known Exploited Vulnerabilities to Catalog   | CISA

23 June 202223 June 2022

Mega issues a security update

Following this story, earlier this week, about the privacy focused cloud storage company Mega: If Mega cannot decrypt your files, don’t worry hackers can… – Smart Thinking Solutions There is an update on Bleeping Computers: MEGA fixes critical flaws that allowed the decryption of user data (bleepingcomputer.com) Which is better …

Continue reading “Mega issues a security update”

21 June 202223 June 2022

If Mega cannot decrypt your files, don’t worry hackers can…

Mega is a popular cloud storage service – with over 250million users. A minimum requirement for any cloud storage service is that the data at rest in their data centres must be encrypted. It seems that Mega’s is not, even though their own publicity states your data will be safely …

Continue reading “If Mega cannot decrypt your files, don’t worry hackers can…”

19 May 202219 May 2022

CISA warns of threat actors exploiting the F5 vulnerabilities

The US Government Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory of threat actors exploiting the software issues in the F5 systems: Threat Actors Exploiting F5 BIG IP CVE-2022-1388 | CISA

28 April 202228 April 2022

Joint advisory on the top exploits

The UK’s National Cyber Security Centre with it’s partners in the Five Eyes, has issued an advisory for the top exploited software vulnerabilities in 2021 – meaning they could continue being the top exploits in 2022. 2021 Top Routinely Exploited Vulnerabilities | CISA Microsoft Exchange server, VMware, SonicWall and Log4j …

Continue reading “Joint advisory on the top exploits”

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.