Reader@mReotEch.com

Latest Tech Feeds to Keep You Updated…

Two big fakes & two big flaws | Avast

Updated:  The DNC cyberattack was deemed to be a simulated test by an unknown third party.  This has been removed from our security roundup for the week.

Security flaws haunt Ghostscript

For the third year in a row, researchers have found exploitable flaws in the open source software Ghostscript, a PDF and PostScript interpreter used by hundreds of programs on all major platforms. While the software includes a sandbox protection option, researchers have now identified a series of sandbox bypass vulnerabilities. For a bad actor to take advantage of the flaw, he or she would only need to send their victim a specially modified file in a format that triggers interaction with Ghostscript (PDF, PS, EPS, or XPS). Doing so would grant the malware’s C&C remote code execution privileges on the infected system, thereby allowing them to essentially take it over. No patch is available yet, so experts are advising that Linux distributions disable PS, EPS, PDF, and XPS coders in ImageMagick’s policy.xml, as the image processing library seems to be the most affected project by the flaw.

How to secure your smart home | Avast

We live in a connected world. Globally, we’ve become a tighter community, while locally, we’ve become more global. The internet has delivered on convenience, allowing anyone with a connection to see, learn about, and communicate with any individual or business on the planet. This convenience is coupled with virtually every new tech product rolling off the line, and our homes are quickly filling up with an ever-growing universe of IoT devices.

Scroll Up