Hackers are actively unleashing attacks that attempt to steal encryption keys, passwords, and other sensitive data from servers that have failed to apply critical fixes for two widely used virtual private network (VPN) products, researchers said.
The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month. The pre-authorization file-reading vulnerabilities resided in the Fortigate SSL VPN, installed on about 480,000 servers, and the competing Pulse Secure SSL VPN, installed on about 50,000 machines, researchers from Devcore Security Consulting reported.
The Devcore researchers discovered other critical vulnerabilities in both products. These make it possible for attackers to, among other things, remotely execute malicious code and change passwords. Patches became available in May for the Fortigate VPN and in April for Pulse Secure. But installing the patches can often cause service disruptions that prevent businesses from carrying out essential tasks.
A deadly outbreak of multi-drug resistant Salmonella that sickened 225 people across the US beginning in 2018 may have been spurred by a sharp rise in the use of certain antibiotics in cows a year earlier, infectious disease investigators reported this week.
From June 2018 to March 2019, officials at the Centers for Disease Control and Prevention identified an outbreak of Salmonella enterica serotype Newport. The strain was resistant to several antibiotics, most notably azithromycin—a recommended treatment for Salmonella enterica infections. Before the outbreak, azithromycin resistance in this germ was exceedingly rare. In fact, it was first seen in the US only in 2016.
Yet in the 2018-2019 outbreak, it reached at least 225 people in 32 states. Of those sickened, at least 60 were hospitalized and two died. (Researchers didn’t have complete health data on everyone sickened in the outbreak.)
Amazon is by far the biggest US online retailer. In the past 20 years it has leapt past its origins as a website you could order books from to become, among other things, the everything store—one-stop shopping for all physical and digital goods from A to Z.
The company's explosive growth is due in part to its sprawling third-party merchant marketplace. Many marketplace merchants are indeed above-board retailers, manufacturers, and resellers. But thousands more sell not only counterfeit items, but also mislabeled, unsafe, recalled, or even banned items that can put consumers—especially children—in serious danger.
The Wall Street Journal identified more than 4,100 such products for sale on Amazon.com during the course of a months-long investigation, and at least 2,000 are toys or medications that fail to include warnings about risks to children.
Phone companies and attorneys general from all 50 US states are touting a new agreement to fight robocalls, but it won't actually do much to help consumers.
The top wireless carriers and home phone providers promised attorneys general from every state and the District of Columbia that they would offer free robocall blocking and take other steps to fight robocalls. But the agreement imposes no legally binding requirements on phone providers. "Failure to adhere to these principles is not in itself a basis for liability," a disclaimer on the agreement notes.
Even if breaking the agreement were a basis for liability, there would be no deadline to comply. "Adherence to these principles may take time for the voice service providers to plan for and implement," the disclaimer also said, while providing no specific timeline for the carriers to fulfill their promises.