Firefox Zero Day Exploit Found

Anyone using Firefox on a Mac, Linux or Windows platform needs to immediately update to the latest version.  This vulnerability appears to allow for remote access and execution on the victim’s system.

The vulnerability was found by: Samuel Groß of Google Project Zero, Coinbase Security.  It has been labeled with an impact of critical.

Description from Firefox’s website: “A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”  This vulnerability is identified as CVE-2019-11707.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business

Cyber Insurance

Cyber Insurance is a relatively new form of insurance to protect against cyber threats.  Because this is a new form of insurance, it is important to understand what you are purchasing.  It seems that not many business owners like reading insurance policies (which is understandable).

There is a large court case pending between Zurich International and US food company Mondelez International.  Mondelez International experienced a cyber incident, which allegedly cost them $190 million in losses.  According to Doug Olenick of SC Magazine (scmagazine.com), “Mondelez placed a claim with its insurance provider, Zurich America, based on a clause in its contract that stated it was covered for ‘all risks of physical loss or damage’ to property, including ‘physical loss or damage to electronic data, programs, or software, including loss or damage caused by the malicious introduction of a machine code or instruction.’  Along with any loss or expenses incurred by the company for the period its business was interrupted.”

Doug went on to say that “Zurich eventually declined to make a payment, citing an exception to coverage because NotPetya was a ‘hostile or warlike action’ by a ‘government or sovereign power.’  So, Mondelez countered with a $100 million lawsuit.”  This placed the burden of proof on Zurich.  They must now prove that the incident was a “hostile or warlike action” by a “government or sovereign power,” which is an exception on their cyber-policy.

A few more words of caution when looking at cyber-insurance.  Insurance companies are now requiring their clients to complete questionnaires when applying for coverage.  Like all legal documents, it is critical that these questionnaires be answered to the best of your knowledge.  Many clients are calling us for assistance with completing the questionnaires.  The purpose of the questionnaire is for the insurance company to understand the risk they are insuring against.  From my perspective, because this is a relatively new type of coverage, I’ve not seen any company denied coverage or had a rate significantly change based on the result of the questionnaire.  I have seen language in policies stating that the information you are attesting to is true and accurate, though.  So, if a company provides false information and there is a coverage question, I would not be surprised to see the claim denied.  This would put the burden of proof on the client to prove that they have the controls in place to protect against the threat.

If you cannot affirmatively answer a question, most questionnaires will have an area for additional information on what your plan is to meet the requirement.

Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business

Technology Testimonial from Boonshoft CFO/COO Doug Hull

A year and a half ago we were approached by the Boonshoft Museum of Discovery to help them update their IT services for both employees and museum attendees. Changing from an internal employee to an outside service can be a stressful decision, but these kinds of transitions are our specialty. We have been able to offer the museum more service and access than they were getting before, resulting in higher productivity from their staff and a more enjoyable experience for their visitors. Special thanks to Doug for speaking on his experience with Quanexus.

Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business, Telephone Systems

Technology, Are We Advancing Too Fast?

Facial Recognition, Artificial Intelligence (AI), Biotechnology (Biotech), and more.  This week, I am just taking a long-term view of what the world ahead might look like, within the next 10 to 20 years.

Facial Recognition & Motion:  The technology has developed beyond the point of just facial recognition and can now determine what/where a person is looking.  With motion detection, it is now possible to monitor a person’s efficiency and compare a person’s job performance efficiency to peer workers.  These technologies are starting to be used in some industries, such as trucking.  Companies can monitor the health of the drivers, and trucks are being built with alarms and vibrating seats to alert a driver if they start to nod off or become distracted.  On the flip side, this technology in factories may put extra stress on employees to possibly perform at extreme rates of efficiency, causing burnout.  All of this technology is based on AI.

AI and the Self-Driving Car:  From a philosophical viewpoint, we may be on the verge of allowing computers to make life or death decisions for us on a regular basis.  Imagine you own a self-driving car, you’re commuting to work, and two children jump in front of the car while playing.  The car will have to decide whether to save the two children or put the owner’s life at risk. I chose the word decide, but there really won’t be a decision.  The car will simply perform to a set of instructions that have been pre-programmed into the vehicle.

Biotech:  Biotech is reaching the tipping point.  Clustered Regularly Interspaced Short Palindromic Repeats (CRISPR) is a very solid technology that lets humans perform genetic engineering.  It is now possible to create bulls without horns and breed more genetically perfect animals.

With the incredible advances in AI and Biotech, it may be time to take a quick pause and ponder what and how this technology will affect us in the future.

Posted by Jack Gerbs in Recent Posts