Last Week in Cyber Security 10-04-17
09/12/2017 - Apache v. Equifax
While reeling from their massive data breach Equifax indicted flaws in Apache’s open source framework as responsible for the vulnerability. The likely vulnerability was patched months ago, however. This should serve as a reminder to all to stay up to date with the frameworks your organization relies upon, read their security findings, and patch your systems.
09/29/2017 - Mac EFI Malware vulnerability
Though Macs are generally quite proficient at ensuring constant updates, security researchers have found that roughly 4.2% have not been updating their EFI firmware versions along with normal updates. The key here is to check your Mac’s EFI version against what it was built with to ensure you are getting the latest updates. More info on how to check your EFI firmware version can be found here.
10/2/2017 - DNSMASQ vulnerabilities
Dnsmasq, the popular network application tool standard on Linux flavors including Debian and Ubuntu was found to have seven security vulnerabilities, three of which allowed attackers to remotely execute code to hijack a target system. Learn more about the attack vectors, but most importantly, update your servers to Dnsmasq 2.78, which addresses all of the above flaws.
10/3/2017 - Call for more cyber soldiers
The proliferation of a cyber arms race has a parallel to the American response toward Russia’s launch of Sputnik. The United States doubled down on the space race, and more importantly, on the education of young American scientists. That same commitment to education now will train a new army of cyber soldiers, which the United States desperately needs.