Newsletter

Networking Monitoring News – Feb 2016

Credit Card Liability

There are reports that fast-food chain Wendy’s has been hacked. Wendy’s spokesman Bob Bertini has stated that they are investigating reports of unusual payment card activities used at some of their locations. “We have been working with our payment industry contacts since recently learning of these reports and we have launched a comprehensive investigation with the help of cybersecurity experts to gather facts, while working to protect our customers,” he said in an email.

The real story here is with Wendy’s swiping terminals. Mastercard, Visa and American Express along with other card providers have been pushing US merchants to change their swipe terminals to the new EMV chip terminals by October 31 of last year. Merchants that are not compliant face much higher liability risk if they suffer a data breach. If it turns out Wendy’s was indeed breached, this will be the first time the new liability processes will be tested in a large scale.

https://www.usatoday.com/story/money/2016/01/27/wendys-investigating-unusual-payment-activity/79397598/

Fortinet SSH Backdoor

Fortinet has acknowledged that an SSH backdoor detected in some of its products exists in some of the company’s new products as well. The accounts with a hardcoded password are “remote management” features, according to Fortinet.

This vulnerability has been heavily probed and it needs to be addressed as soon as possible. An exploit is trivial if the attacker is able to connect to a vulnerable firewall.

https://www.theregister.co.uk/2016/01/23/thought_you_were_safe_from_the_fortinet_backdoor_think_again/

Moving away from Browser Plugins

As some of you know, web browser vendors are slowly moving away from supporting web browser plugins, eliminating the ability to embed Flash, Silverlight, Java and other plugin based technologies. This is a very good thing for all of us. Plugins such as Flash Player and Java account for the vast majority of drive by infections because of all the programming errors that exist within the code base.

Oracle has stated that it is finally migrating away from browser plugins for Java and moving developers to their new Java Web Start technology. Unless you need Java for specific applications, it should be removed from all machines.

Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.

Early Access releases of JDK 9 are available for download and testing at https://jdk9.java.net/. More background and information about different migration options can be found in this short whitepaper from Oracle.

https://blogs.oracle.com/java-platform-group/entry/moving_to_a_plugin_free

Ron Samson

Share
Published by
Ron Samson

Recent Posts

NOC vs SOC: How to Choose the Best Option for Your IT Infrastructure

In today's digitized world, the protection of a business's IT infrastructure has become more crucial…

2 weeks ago

SIEM and SOC: Key Differences and Why You Need Both

As cybersecurity threats grow more complex, organizations are turning to advanced solutions to protect their…

2 weeks ago

SIEM vs EDR: A Comprehensive Guide to Their Strengths and Uses

In the world of cybersecurity, two powerful tools frequently come up in discussions around threat…

3 weeks ago

SIEM Security Tool vs. Traditional Monitoring: What’s the Difference?

In the ever-evolving cybersecurity landscape, businesses are increasingly looking for ways to protect their data…

4 weeks ago

Choosing the Right Managed SIEM Solutions for Your Organization

In an increasingly digital world, businesses must be able to monitor, detect, and respond to…

4 weeks ago

What Does EDR Stand For in Threat Management?

In today’s digital world, security is a priority for every business, regardless of size. Cyber…

1 month ago