BNMC Blog

The Internet of Things, a collective term for the countless connected devices out there that have traditionally not been connected to the Internet, is a vast and dangerous territory for businesses to cover, perhaps now more than ever before. Unfortunately, this massive group of connected devices also tends to make itself a target for hackers who want to leverage these devices to their advantage. A recent hack shows just how much hackers can stand to gain from infiltrating these connected devices.

Some vulnerabilities can fly under the radar for quite some time, some for months or even years. This is the case with a recently discovered Microsoft Azure database vulnerability. The exploit, discovered by cloud security provider Wiz, is found in Cosmos DB, Microsoft Azure’s managed database service, and it’s a real nasty one at that. Let’s dive into the details and see what we can learn from the incident.

Sometimes threats come from the most unlikely places. One such threat came in the form of Apple’s FaceTime app, which gives users the ability to spy on others without their consent through group FaceTime calls. Even though a patch has been issued that solves the problem, it’s still worth reflecting on.

Businesses that have been around the block a time or two may have discovered specific software titles that yield little-to-no results. Some might even be security risks that you simply aren’t willing to expose your data to. The free or cheap software found by some organizations to make up for operational deficiencies don’t always cut it, and some can even put your business at risk. This week’s tip is dedicated to finding the best software for your business.

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Intel recently found itself (once again) in hot water, mere months after many flaws were discovered in the firmware that enables all of their chips to do their job. This time, the issue could have potentially caused a permanent dip in the CPU’s capacity to function properly. This has come to be known as the Meltdown vulnerability.

In case you haven’t heard, the credit bureau, Equifax, has suffered a data breach that may have exposed the records of 143 million Americans.

August saw yet another Patch Tuesday designed to resolve security issues in Microsoft products. Out of the 48 vulnerabilities resolved, 15 affected Windows, while 25 were rated as critical, 21 as important, and 27 that allowed for remote code execution. This might sound a little overwhelming, so we’ll try to simplify it a bit--a lot of flaws were fixed, and the majority of them can be considered dangerous for your organization.