FaceTime Bug allowing Eavesdropping
A critical bug has just been discovered in the new iOS allowing eavesdropping via FaceTime. A fix is expected later this week, but in the meantime, it is highly recommended to turn off FaceTime.
3-2-1 Backup Strategy
An organisation can lose its data for many reasons: cyber-attacks, corrupt storage media, rogue employees or human error. A simple yet effective way to back up your data is the 3-2-1 strategy. The strategy consists of three steps:
• STEP 1: Create three copies of your data including one primary copy and two other backup copies.
• STEP 2: Store the two backup copies on two different media such as hard disks or cloud.
• STEP 3: Always keep one of these copies at an offsite location.
Daily backups are bread and butter for any IT department. Yet many companies fail to formulate a backup and recovery plan for their data. Start by implementing the 3-2-1 backup strategy. Check out the following article by one of our experienced consultants, David Roccasalva, about the considerations that need to be weighed before settling on a data backup strategy.
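An added example, not taken from the article or from any backup product: a small Python audit that checks a backup inventory against the three steps above. It goes one step further than the list by treating a backup whose content no longer matches its recorded hash as unusable; the `Copy` fields, media names and sample inventory are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Copy:
    name: str
    role: str             # "primary" or "backup"
    medium: str           # e.g. "local-disk", "nas", "tape", "cloud"
    offsite: bool
    manifest_sha256: str  # hash recorded when the copy was written
    data: bytes           # stand-in for the stored content

def intact(c):
    return hashlib.sha256(c.data).hexdigest() == c.manifest_sha256

def audit_321(copies):
    """Return a list of 3-2-1 violations; an empty list means compliant."""
    problems = []
    primaries = [c for c in copies if c.role == "primary"]
    backups = [c for c in copies if c.role == "backup"]
    good = [b for b in backups if intact(b)]
    for b in backups:
        if not intact(b):
            problems.append(f"{b.name}: content does not match its manifest hash")
    # STEP 1: one primary plus two usable backup copies.
    if len(primaries) != 1 or len(good) < 2:
        problems.append(f"STEP 1: {len(primaries)} primary, {len(good)} intact backups")
    # STEP 2: the backups must sit on two different media.
    if len({b.medium for b in good}) < 2:
        problems.append("STEP 2: backups are not on two different media")
    # STEP 3: one copy offsite (read here as one of the backups).
    if not any(b.offsite for b in good):
        problems.append("STEP 3: no intact backup is stored offsite")
    return problems

def sample_inventory():
    # Constructed sample data, not taken from the article.
    payload = b"constructed sample payload"
    h = hashlib.sha256(payload).hexdigest()
    return [
        Copy("fileserver", "primary", "local-disk", False, h, payload),
        Copy("nas-nightly", "backup", "nas", False, h, payload),
        Copy("cloud-weekly", "backup", "cloud", True, h, payload),
    ]

if __name__ == "__main__":
    print(audit_321(sample_inventory()) or "3-2-1 satisfied")
```

A single corrupted offsite copy fails all three steps at once, which is why the hash check runs before the counting.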
A future ISM prospect?
The Department of Homeland Security has issued an emergency directive requiring all US agencies to operate with a .gov domain. The Australian Government tends to follow US Government directives, so this is something that may be incorporated into the ISM in future.
Adobe's Security Updates
Adobe has recently released security updates to fix two critical vulnerabilities for Acrobat and Reader. The first vulnerability, identified as CVE-2018-16011, can lead to the execution of arbitrary code. The second vulnerability, identified as CVE-2018-19725, can result in privilege escalation.
As these vulnerabilities are public now, it is highly recommended that both Mac and Windows users install these updates. Click on the following link for further action:
Vulnerabilities in Fax Protocol
The ATO claims to have received more than 115,000 faxed documents in 2017-18. According to ‘The Age’ and ‘The Sydney Morning Herald’, many small Australian companies in the healthcare, finance and legal sectors still use fax on a daily basis. The fax machine protocols, and the vulnerabilities in them, haven’t been updated since the 1980s, so such extensive use of fax printers in Australia poses a huge problem.
At the recent DEF CON 26 hacker event in Las Vegas, two security researchers from Check Point demonstrated one such exploit, ‘Faxploit’. They showed that a hacker only needs a fax number to exploit these vulnerabilities. A specially coded colour JPEG can contain any malware code which, when received by the fax printer, is easily decoded and uploaded into the printer’s memory. The malware can then spread through the device and ultimately to the network that the fax printer is connected to.
One way to prevent Faxploit is network segmentation. Companies can limit the data an attacker can reach by breaking large networks into smaller ones, or by isolating fax machines in their own subnetworks.