Whitehat Virtual Blog

Discover best practices, product information, and IT tips that you can use to help your business.

Whitehat Virtual Security Bulletin - September 2016

Bryon Miller
Posted by Bryon Miller on Oct 16, 2016 3:41:46 PM

Whitehat Virtual Security Bulletin - September 2016 

Every day is an interesting one in the cyber security world. Here are some highlights from the past few weeks that Whitehat Virtual would like to share with you. At the end of each security breach you'll find recommended solutions to address each issue.  We’re here to help you secure your business in any way we can and we hope this helps. Stay safe out there!

Hackers have stolen over 60 million Dropbox users’ account information. They have released a statement requesting that users change their passwords.

Hack Brief: 4-Year-Old Dropbox Hack Exposed 68 Million People's Data

Dropbox Blog: Resetting Passwords To Keep Your Files Safe

Instructions for resetting your Dropbox password

If you're not currently signed in to your account:

Visit dropbox.com in your web browser.
Click Sign in.
Click Forgot your password?
Enter the email address you used to create the account.
Check your email inbox and click the link in the email you received to reset your password. 

Apple has released a patch for what is arguably the worst vulnerability of all time for its’ iOS devices. Remote spying of text, email, phone calls, GPS location, and even remote camera usage are among the headlines relating to this vulnerability.

Apple Releases Security Update

iPhone Users Urged to Update Software After Security Flaws Are Found

Instructions for updating iOS devices can be found by clicking here

A group claiming to have hacked the NSA’s hacking group released a small amount of what it claims are military grade cyber weapons that were in use by the NSA as recently as 2013. The vulnerabilities affect some of the most popular network and security hardware and software in use today. Cisco, Fortinet, Juniper and TopSec are among those. The group is now auctioning off the remainder of the weapons, though it’s widely believed to be a smoke and mirror distraction.

Fortinet Releases Security Advisory

Cisco Releases Security Update

Cookie Parser Buffer Overflow Vulnerability

Shadow Brokers Release of Hacking Code

Instructions for updating the affected products can be found in each of the links above. We recommend updating these products as soon as possible.

Google Chrome
Google has released updates to Chrome after researchers discovered a Trojan that impersonates the popular web browser.

Google Chrome Impersonator

Instructions for updating Chrome can be found here.

Microsoft Windows
New “Fantom” ransomware has been found disguised as a legitimate Microsoft Windows update.

"Fantom" Ransomware

Single sign-on and identity management company OneLogin was breached. The attacker used an employee’s login information to gain access to internal logging systems and see customer Secure Notes which are typically encrypted.

OneLogin Breached

As always, we encourage users to be aware of their actions pertaining to security online. Some simple tips to keep you safe include:

  1. Use complex and unique passwords when possible and change them on a regular basis
  2. Don’t click links in emails that you can’t verify the authenticity of
  3. Don’t visit websites that are of a questionable nature
  4. DO NOT provide any personal information if you do find yourself at a questionable site

Online security starts with the end user and basic awareness can go a long way to prevent accidental exposure of sensitive information. We hope you’ve found this informative and helpful and we encourage you to send us any questions or comments you may have on the topics we’ve addressed. 

If you'd like to identify the strengths and weaknesses of your IT infrastructure, a security risk assessment will let you know if you are at risk. 

Speak with a Security Expert

Topics: Security