VDA Lock Down: July 19, 2019

,

Contents

  • Security News
  • VDA Fuzzing Feature
  • Incident Response Training

Top Security News

Lenovo NAS Leak

A bug disclosed this week by Lenovo was shown to allow access to sensitive files via a ‘trivial’ exploit. The issue impacts LenovoEMC and Iomega branded network attached storage (NAS) devices and requires a firmware fix to patch the issue. This problem may have led to the leak of over 36 TB of sensitive financial information.

https://threatpost.com/lenovoemc-storage-leak-financial-data/146494/

Patch Your Keyboard?!

Researchers are warning of a new class of “MouseJacking” attacks that impact various models of Logitech keyboards. For those who are unfamiliar, MouseJacking attacks allow an attacker to inject keystrokes into a wireless keyboard using a small radio device that costs less than $50.

This class of issue has been around since 2016, however a variety of new attacks have recently been discovered. It is recommended that users patch their devices now, and possibly again in the near future as more fixes become available.

https://www.theverge.com/2019/7/14/20692471/logitech-mousejack-wireless-usb-receiver-vulnerable-hack-hijack

Mayors Vow Against Ransomware

With many high profile cases in the recent past of municipalities being infected and paying ransoms, a group of mayors called The US Conference of Mayors vowed that their members would no longer pay ransoms to attackers.

https://www.zdnet.com/article/us-mayors-group-adopts-resolution-not-to-pay-any-more-ransoms-to-hackers/

VDA Fuzzing Feature

Did you know that VDA Labs has a partnership with Microsoft to help organizations integrate cutting edge fuzzing and DAST technologies into their software development life cycles? This tech helps find bugs earlier in development, saving time and cost.

Learn more about our deep fuzzing expertise at the link below.

VDA Labs Advanced Fuzzing Services

Should you or someone you know – know more about IR?

VDA Labs has been working to develop a new course offering that will be offered for the first time in Summer 2019 built around our own incident handling TTPs (Tactics, Techniques, and Procedures) for conducting incident response operations. We will be offering this course in person, in Grand Rapids Michigan.

When: August 13 and 14, 8am to 5pm
Where: Calvin College DeVos Communications Center, Room 170
Cost: $1000/seat

Visit our website to read more and register!
Incident Response Training Information

Skills

Posted on

July 23, 2019