USN-5658-1: DHCP vulnerabilities

Read Time:21 Second

It was discovered that DHCP incorrectly handled option reference counting.
A remote attacker could possibly use this issue to cause DHCP servers to
crash, resulting in a denial of service. (CVE-2022-2928)

It was discovered that DHCP incorrectly handled certain memory operations.
A remote attacker could possibly use this issue to cause DHCP clients and
servers to consume resources, leading to a denial of service.
(CVE-2022-2929)

Read More

golang-1.18.7-1.fc36

Read Time:18 Second

FEDORA-2022-0e313cc582

Packages in this update:

golang-1.18.7-1.fc36

Update description:

This release includes security fixes to the archive/tar, net/http/httputil, and regexp packages, as well as bug fixes to the compiler, the linker, and the go/types package. See the Go 1.18.7 milestone on the issue tracker for details.

Read More

golang-1.19.2-1.fc37

Read Time:18 Second

FEDORA-2022-59a20edab2

Packages in this update:

golang-1.19.2-1.fc37

Update description:

This release includes security fixes to the archive/tar, net/http/httputil, and regexp packages, as well as bug fixes to the compiler, the linker, the runtime, and the go/types package. See the Go 1.19.2 milestone on the issue tracker for details.

Read More

Cybersecurity considerations for wearable tech

Read Time:4 Minute, 28 Second

This blog was written by an independent guest blogger.

Ours truly is the great age of digital technology. Indeed, few of us can get through an ordinary day without engaging with some kind of digital device, whether we’re using them to communicate, research, work, bank, or even monitor our health.

In many cases, the digital devices we use to make it through the day aren’t sitting on our desks and tethered to an electrical outlet. Now more than ever, these essential technologies are worn on our bodies, from the wristbands we use to track our physical activity to the virtual reality headsets we wear to enjoy new levels of entertainment.

However, with all of these sophisticated technologies comes an equally advanced level of risk. Unfortunately, though, cybersecurity considerations surrounding wearable technologies are less often discussed than issues of data protection on commercial, government, and institutional networks.

This is a problem because wearable devices are increasingly becoming the repository of some of our most sensitive data, from personal health information to biometric data to financial records.

The ubiquity and risk of health wearables

There are few matters more personal or private than a person’s medical data, and yet unprecedented volumes of health data are now being collected, stored, and transmitted via wearable health monitors.

To be sure, the proliferation of health wearables has contributed to significant improvements in the overall quality of patient care. For example, physicians are now using wearable devices to remotely track patients’ vital signs across time, including evaluating blood pressure, blood glucose, and cardiac rhythms. Wearable devices are also being used by clinicians to assess lifestyle factors, from sleep quality to nutrition to physical activity to medication compliance.

The challenge, though, lies in the reality that, without proper cybersecurity measures, these devices may be easily stolen or hacked, potentially putting the patients’ most sensitive data at risk. Indeed, personal medical records are among the most coveted data for hackers today due to the often substantial sums these materials can fetch on the dark web.

For this reason, it is incumbent upon end-users and clinicians alike to observe rigorous security practices. Patients, for instance, should ensure that any Wi-Fi network the wearable device connects to, including their home network, is protected by up-to-date security systems, such as strong passwords and firewalls.

Indeed, wearable medical devices may be particularly vulnerable to hacks inside the patient’s home due to vulnerabilities within many smart home networks. The same systems that allow you to control your thermostat, lights, and door locks remotely can also expose your health records to bad actors if your smart home network isn’t properly secured.

Virtual and augmented reality (VR/AR) insecurity

Though wearable health technologies can pose a significant privacy risk should they be breached by hackers, these are far from the only wearable devices that may be penetrated.

Virtual reality (VR) and augmented reality (AR) technologies, including headsets, gloves, and goggles are increasingly being used not only for entertainment but also for professional purposes. For instance, these VR/AR technologies have become ubiquitous in marketing, being deployed in industries ranging from real estate to retail fashion. 

With such tools, realtors can use VR/AR simulations to allow prospective homebuyers to simulate a walk-through of a property before it is even constructed, consumers can virtually “try on” and purchase apparel in a range of custom colors and styles, and tourists can “tour” a resort before finalizing their booking.

The challenge, though, is that the prevalence of these technologies and the wide range of use can leave consumers vulnerable to identity theft, particularly in the form of biometrics hacking. Sophisticated cybercriminals may, for instance, be able to copy voice prints, fingerprints, and even iris and retina scans from VR hardware.

And because these biometrics are unique to each individual, once they fall into the wrong hands, the risk that bad actors may gain access to one’s sensitive information and personal accounts, including financial accounts and medical records, is great.

Physical theft and social engineering

The most significant risk associated with wearable devices such as these, however, does not come in the form of a highly sophisticated cyberattack. Rather, most wearables are breached either through physical theft or social engineering. For instance, cybercriminals may use phishing attacks to trick victims into revealing passwords or clicking links containing malware.

The good news, though, is that while the techniques used to breach wearable devices are vast and varied, so too are the strategies that may be used to protect them. This includes ensuring that your devices are secured at all times using strong passwords and biometrics. It’s also critical to keep track of the physical location of each of your devices and to dedicate separate technologies for personal and professional use. Above all, you should use robust security platforms, such as virtual private networks (VPN), particularly when accessing or storing sensitive data.

The takeaway

The pace of tech innovation today is astounding. The devices we use every day to work, learn, and play are no longer confined to our offices and desktops. Increasingly, we are wearing our tech. As convenient as this may be, however, wearable technologies also bring with them a host of cybersecurity concerns that must be identified and addressed if we are to safeguard against identity theft and other cybercrimes. 

Read More