vulnerability | Smart Thinking Solutions

25 May 202225 May 2022

Spied on through your webcam – thankfully Screencastify fixed it!

The developers of the Chrome extension, Screencastify, used for capturing and sharing videos from websites, have fixed an issue where victim could have been spied on using the webcam in their device. Any recorded video could then have been stolen. Chrome extension Screencastify fixes webcam spy bug • The Register

23 May 202220 December 2022

I love patches as part of a cyber security plan – but there is a problem!

If the patch is not effective or worse it breaks something else whilst fixing the vulnerability. This happened to Microsoft: Microsoft fixes Windows authentication woes • The Register But you still have to run those patches and updates as an unpatched system is a target for threat actors. Better to …

Continue reading “I love patches as part of a cyber security plan – but there is a problem!”

20 May 202220 May 2022

CISA alert: ISC Berkeley Internet Name Domain (BIND)

ISC Releases Security Advisory for BIND | CISA If you know what it is then you need to patch it. The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting version 9.18.0 of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this …

Continue reading “CISA alert: ISC Berkeley Internet Name Domain (BIND)”

18 May 202228 April 2023

CISA joint advisory on access control. Are you still missing MFA?

The US Cybersecurity and Infrastructure Security Agency has issued a joint advisory with the cyber security organisations from the UK, New Zealand, Netherlands and Canada listing ten regularly exploited weak security controls, poor configurations, and bad practices that allow threat actors to compromise networks. Here is the article: Weak Security …

Continue reading “CISA joint advisory on access control. Are you still missing MFA?”

18 May 202218 May 2022

CISA updates on Apache and two more vulnerabilities added to their database – UPDATED 18 May 2022

The vulnerabilities are for Zyxel firewalls and VMWare Spring Cloud. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA The Apache issue is with Tomcat: Apache Releases Security Advisory for Tomcat | CISA Researchers, NSA cybersecurity director warn of hackers targeting Zyxel vulnerability – The Record by Recorded Future

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.