Albox City Council chooses Cambium Networks for its wireless traffic management network, IP public address and public WiFi

Albox town hall, has become one of the first Smartcity Municipalities in Spain. The project, based on the deployment of a Wireless Municipal Network , developed by Next Communications with Cambium Networks technology, allows improving mobility in certain areas of the municipality, thanks to a network of cameras and an IP public address system, in addition to offering access Free WiFi to neighbours.

The video surveillance system allows a more efficient control of vehicle traffic and optimum compliance with regulations. The network of cameras captures images of the traffic lanes and license plates of the vehicles that transit them, creating a registry to detect, in real time or at a specific moment, traffic infractions and road safety.

The Wireless Municipal Network connects with the Security Control Center, located at the Local Police Headquarters and includes IP Public Address services, which allow interaction with citizens in each area and make announcements of interest. It also offers free WiFi access to residents, which places the Municipality of Albox, as one of the first to join the European initiative WiFi4EU, whose goal is that, by 2020, all public spaces in the EU offer free Internet access.


Advice: Please remember that free WiFi accessable by anyone means that anyone could access your device. Do not use these systems to log into websites that need your password or to transmit sensitive information. Since it is a public and free network, the Town Council recommends not exchanging data that could put the citizen's privacy at risk, such as bank account numbers, credit cards or personal photographs.

Netwise 28.03.19

LibreOffice and OpenOffice security risk found.

oovslibreLibreOffice, an open source clone of Microsoft Office, has patched a bug that allowed attackers to execute commands of their choosing on vulnerable computers. A similar flaw in Apache OpenOffice remains unfixed.

A Remote Code Execution (RCE) vulnerability was discovered in LibreOffice on Windows and Linux, and users are now recommended to update to the latest versions, as patches have already been issued.

While the vulnerability has already been resolved in LibreOffice, it looks like other Office productivity suites are affected as well, including OpenOffice.
OpenOffice is still unpatched right now, with no ETA as to when a fix could be shipped.

The security researcher confirms that OpenOffice 4.1.6 is the one vulnerable to attacks and the parent company acknowledged the issue, only that no known release date is available just yet.

Users are thus recommended to update to the latest version of LibreOffice as soon as possible, while those using OpenOffice should try to stay away from documents coming from untrusted sources as much as possible.

According to sources, OpenOffice users can mitigate the risk by removing or renaming the pythonscript.py file in the installation folder.

Netwise 09.02.19

defenderWindows 10 Defender Anti-Malware Update Problems

Microsoft warns that Windows 10 may not start on some computers after installing the latest monthly updates of the Windows Defender antimalware platform.

Affected resources

Computers with Windows 10 operating systems (Enterprise, Pro and Home) or Windows Server 2016.

Solution

According to Microsoft, it is working on a solution to the problem that will be published in a future update.

If your computer has been affected, follow the recommendations they offer from the Microsoft support center. If you have questions, go to a technical support service you trust to help you solve the problem.

However, remember that antimalware products must always be active and updated to be effective and protect you from viruses and fraud.

Technical Details

It is a bug that would affect those computers that have the Secure Boot function (version 4.18.1901.7) active in the BIOS. Additionally, this update could generate problems due to a change in the location of the update file path, which would cause many downloads to be blocked when the AppLocker, application execution control program and files are enabled.

Netwise 02.02.19

Vision Direct hack puts customers' money at risk

Vision Direct says a hack attack has exposed thousands of its customers' personal data including payment card numbers, expiry dates and CVV codes.

The contact lens retailer said anyone who had entered their details into its site between 3 and 8 November could be affected.

It added that it had identified 16,300 people as being at risk.

It said a fake Google Analytics script placed within its websites' code was the apparent cause.

The company's UK site was involved as well as local versions for Spain, Ireland, the Netherlands, France, Italy and Belgium.

Under investigation

A spokeswoman for Vision Direct told the BBC that 6,600 customers were believed to have had details including financial data compromised, while a further 9,700 people had had personal data but not card details exposed.

"This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware," she added.

"Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."

One expert said the involvement of card security codes made the breach particularly serious.

"Being able to provide the CVV number usually indicates that you have the card in your hand when making a purchase," commented cyber-security researcher Scott Helme.

"Now the attackers have the full card details including the CVV number, these checks carry less value."

Apology

Vision Direct describes itself as Europe's biggest online seller of contact lenses and eye care products.

A statement on its site says that anyone who updated their details during the stated period, or had an order or update submitted on their behalf by its customer services team, should contact their banks and/or credit card providers.

"The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV," said the alert.

"We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise."

It added that customers who had used PayPal during the period might have had their names and addresses accessed, but said their payment details should still be safe.

 

The Vision Direct statement, who may be affected and what to do if you think you are at risk is on their website

Netwise 20.11.18