Booz Allen Hamilton Researchers Detail New RtPOS Point-of-Sale Malware
Security researchers from Booz Allen Hamilton have spotted a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems. [...]
https://www.bleepingcomputer.com/news/security/booz-allen-hamilton-researchers-detail-new-rtpos-point-of-sale-malware/
Security researchers from Booz Allen Hamilton have spotted a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems. [...]
https://www.bleepingcomputer.com/news/security/booz-allen-hamilton-researchers-detail-new-rtpos-point-of-sale-malware/
BleepingComputer
Booz Allen Hamilton Researchers Detail New RtPOS Point-of-Sale Malware
Security researchers from Booz Allen Hamilton have spotted a previously unseen and undocumented malware strain that targets point-of-sale (POS) systems.
Exploit Published for Unpatched Flaw in Windows Task Scheduler
A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account. [...]
https://www.bleepingcomputer.com/news/security/exploit-published-for-unpatched-flaw-in-windows-task-scheduler/
A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-access SYSTEM account. [...]
https://www.bleepingcomputer.com/news/security/exploit-published-for-unpatched-flaw-in-windows-task-scheduler/
BleepingComputer
Exploit Published for Unpatched Flaw in Windows Task Scheduler
A security researcher has published on Twitter details about a vulnerability in the Windows OS. The vulnerability is a "local privilege escalation" issue that allows an attacker to elevate the access of malicious code from a limited USER role to an all-accessβ¦
US Government Takes Steps to Bolster CVE Program
The US government is taking steps to fix the Common Vulnerabilities and Exposures (CVE) system that's been plagued by various problems in recent years. [...]
https://www.bleepingcomputer.com/news/security/us-government-takes-steps-to-bolster-cve-program/
The US government is taking steps to fix the Common Vulnerabilities and Exposures (CVE) system that's been plagued by various problems in recent years. [...]
https://www.bleepingcomputer.com/news/security/us-government-takes-steps-to-bolster-cve-program/
BleepingComputer
US Government Takes Steps to Bolster CVE Program
The US government is taking steps to fix the Common Vulnerabilities and Exposures (CVE) system that's been plagued by various problems in recent years.
Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. [...]
https://www.bleepingcomputer.com/news/security/active-attacks-detected-using-apache-struts-vulnerability-cve-2018-11776/
After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week. [...]
https://www.bleepingcomputer.com/news/security/active-attacks-detected-using-apache-struts-vulnerability-cve-2018-11776/
BleepingComputer
Active Attacks Detected Using Apache Struts Vulnerability CVE-2018-11776
After last week a security researcher revealed a vulnerability in Apache Struts, a piece of very popular enterprise software, active exploitation attempts have started this week.
Instagram Expands 2FA Support Following Recent Wave of Account Hacks
Instagram announced today plans to improve its two-factor authentication (2FA) mechanism by adding support for third-party authenticator apps. [...]
https://www.bleepingcomputer.com/news/security/instagram-expands-2fa-support-following-recent-wave-of-account-hacks/
Instagram announced today plans to improve its two-factor authentication (2FA) mechanism by adding support for third-party authenticator apps. [...]
https://www.bleepingcomputer.com/news/security/instagram-expands-2fa-support-following-recent-wave-of-account-hacks/
BleepingComputer
Instagram Expands 2FA Support Following Recent Wave of Account Hacks
Instagram announced today plans to improve its two-factor authentication (2FA) mechanism by adding support for third-party authenticator apps.
Sticky Notes 3.0 Is Now Available for Windows Insiders
Microsoft has been teasing a major update for Sticky Notes app over the last few weeks and today you can download the update if you're a Skip Ahead ring Insider. The Sticky Notes 3.0 for Windows 10 comes with the dark theme, cross-device syncing and more. [...]
https://www.bleepingcomputer.com/news/microsoft/sticky-notes-30-is-now-available-for-windows-insiders/
Microsoft has been teasing a major update for Sticky Notes app over the last few weeks and today you can download the update if you're a Skip Ahead ring Insider. The Sticky Notes 3.0 for Windows 10 comes with the dark theme, cross-device syncing and more. [...]
https://www.bleepingcomputer.com/news/microsoft/sticky-notes-30-is-now-available-for-windows-insiders/
BleepingComputer
Sticky Notes 3.0 Is Now Available for Windows Insiders
Microsoft has been teasing a major update for Sticky Notes app over the last few weeks and today you can download the update if you're a Skip Ahead ring Insider. The Sticky Notes 3.0 for Windows 10 comes with the dark theme, cross-device syncing and more.
You May Soon Be Able to Log Into Windows 10 Using a Google Account
According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticate enterprise users against their company's G Suite account and possibly regular Go [...]
https://www.bleepingcomputer.com/news/google/you-may-soon-be-able-to-log-into-windows-10-using-a-google-account/
According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticate enterprise users against their company's G Suite account and possibly regular Go [...]
https://www.bleepingcomputer.com/news/google/you-may-soon-be-able-to-log-into-windows-10-using-a-google-account/
BleepingComputer
You May Soon Be Able to Log Into Windows 10 Using a Google Account
According to a new project uploaded to the Chromium team's code review site, users may soon be able to login into Windows 10 using their Google G Suite accounts. This new feature uses a "Google Credential Provider" that will allow Windows to authenticateβ¦
Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. [...]
https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum. [...]
https://www.bleepingcomputer.com/news/security/data-of-130-million-chinese-hotel-chain-guests-sold-on-dark-web-forum/
BleepingComputer
Data of 130 Million Chinese Hotel Chain Guests Sold on Dark Web Forum
A hacker is selling the personal details of over 130 million hotel guests for 8 Bitcoin ($56,000) on a Chinese Dark Web forum.
Beware of Fake "Shipping Docs" Malspam Pushing the DarkComet RAT
A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. When DarkComet is installed, the malware has the ability to log your keystrokes, application usage, take screenshots, and more, which is then sent back to the malware developer. [...]
https://www.bleepingcomputer.com/news/security/beware-of-fake-shipping-docs-malspam-pushing-the-darkcomet-rat/
A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. When DarkComet is installed, the malware has the ability to log your keystrokes, application usage, take screenshots, and more, which is then sent back to the malware developer. [...]
https://www.bleepingcomputer.com/news/security/beware-of-fake-shipping-docs-malspam-pushing-the-darkcomet-rat/
BleepingComputer
Beware of Fake "Shipping Docs" Malspam Pushing the DarkComet RAT
A new malspam campaign is underway that pretends to be shipping documents and contains an attachment that installs the DarkComet remote access Trojan. When DarkComet is installed, the malware has the ability to log your keystrokes, application usage, takeβ¦
Critical Flaw Fixed in Packagist, PHP's Largest Package Repository
The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service. [...]
https://www.bleepingcomputer.com/news/security/critical-flaw-fixed-in-packagist-phps-largest-package-repository/
The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service. [...]
https://www.bleepingcomputer.com/news/security/critical-flaw-fixed-in-packagist-phps-largest-package-repository/
BleepingComputer
Critical Flaw Fixed in Packagist, PHP's Largest Package Repository
The maintainers of Packagist, the PHP ecosystem's largest package repository, have fixed a critical vulnerability on their official website that could have allowed an attacker to hijack their service.
Stingray Devices May Interfere With 911 Emergency Calls
A popular vendor of cell-site simulators (also known as IMSI catchers or stingray devices) has told a US Senator that its equipment may interfere with 911 emergency calls. [...]
https://www.bleepingcomputer.com/news/government/stingray-devices-may-interfere-with-911-emergency-calls/
A popular vendor of cell-site simulators (also known as IMSI catchers or stingray devices) has told a US Senator that its equipment may interfere with 911 emergency calls. [...]
https://www.bleepingcomputer.com/news/government/stingray-devices-may-interfere-with-911-emergency-calls/
BleepingComputer
Stingray Devices May Interfere With 911 Emergency Calls
A popular vendor of cell-site simulators (also known as IMSI catchers or stingray devices) has told a US Senator that its equipment may interfere with 911 emergency calls.
OpenSSH Versions Since 2011 Vulnerable to Oracle Attack
OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago. [...]
https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-vulnerable-to-oracle-attack/
OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago. [...]
https://www.bleepingcomputer.com/news/security/openssh-versions-since-2011-vulnerable-to-oracle-attack/
BleepingComputer
OpenSSH Versions Since 2011 Vulnerable to Oracle Attack
OpenSSH continues to be vulnerable to oracle attacks, and the issue affects all versions of the suite since September 2011. Developers fixed a similar bug less than a week ago.
Air Canada Mobile App Users Affected By Data Breach
Air Canada informed today 20,000 of its mobile app users that information listed under their profile may have been accessed without authorization. [...]
https://www.bleepingcomputer.com/news/security/air-canada-mobile-app-users-affected-by-data-breach/
Air Canada informed today 20,000 of its mobile app users that information listed under their profile may have been accessed without authorization. [...]
https://www.bleepingcomputer.com/news/security/air-canada-mobile-app-users-affected-by-data-breach/
BleepingComputer
Air Canada Mobile App Users Affected By Data Breach
Air Canada informed today 20,000 of its mobile app users that information listed under their profile may have been accessed without authorization.
Researchers Detail Two New Attacks on TPM Chips
Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea. [...]
https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/
Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea. [...]
https://www.bleepingcomputer.com/news/security/researchers-detail-two-new-attacks-on-tpm-chips/
BleepingComputer
Researchers Detail Two New Attacks on TPM Chips
Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea.
4-Year Old Misfortune Cookie Rears Its Head In Medical Gateway Device
Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure. [...]
https://www.bleepingcomputer.com/news/security/4-year-old-misfortune-cookie-rears-its-head-in-medical-gateway-device/
Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure. [...]
https://www.bleepingcomputer.com/news/security/4-year-old-misfortune-cookie-rears-its-head-in-medical-gateway-device/
BleepingComputer
4-Year Old Misfortune Cookie Rears Its Head In Medical Gateway Device
Four years after its public disclosure, the Misfortune Cookie vulnerability continues to be a threat, this time affecting medical equipment that connects bedside devices to the hospital's network infrastructure.
Android Phones Expose Sensitive Data via Internal System Broadcasts
Internal system broadcasts happening inside the Android OS expose sensitive user and device details that apps installed on the phone can access without the user's knowledge or permission. [...]
https://www.bleepingcomputer.com/news/security/android-phones-expose-sensitive-data-via-internal-system-broadcasts/
Internal system broadcasts happening inside the Android OS expose sensitive user and device details that apps installed on the phone can access without the user's knowledge or permission. [...]
https://www.bleepingcomputer.com/news/security/android-phones-expose-sensitive-data-via-internal-system-broadcasts/
BleepingComputer
Android Phones Expose Sensitive Data via Internal System Broadcasts
Internal system broadcasts happening inside the Android OS expose sensitive user and device details that apps installed on the phone can access without the user's knowledge or permission.
Anonymous Catalonia Claims DDoS Attack On Bank of Spain Website
The website of Banco de EspaΓ±a, the national central bank of Spain, was taken offline at the beginning of the week by a DDoS attack claimed by hacktivist group Anonymous Catalonia. [...]
https://www.bleepingcomputer.com/news/security/anonymous-catalonia-claims-ddos-attack-on-bank-of-spain-website/
The website of Banco de EspaΓ±a, the national central bank of Spain, was taken offline at the beginning of the week by a DDoS attack claimed by hacktivist group Anonymous Catalonia. [...]
https://www.bleepingcomputer.com/news/security/anonymous-catalonia-claims-ddos-attack-on-bank-of-spain-website/
BleepingComputer
Anonymous Catalonia Claims DDoS Attack On Bank of Spain Website
The website of Banco de EspaΓ±a, the national central bank of Spain, was taken offline at the beginning of the week by a DDoS attack claimed by hacktivist group Anonymous Catalonia.
Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day
Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day. [...]
https://www.bleepingcomputer.com/news/security/temporary-patch-available-for-recent-windows-task-scheduler-alpc-zero-day/
Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of that particular zero-day. [...]
https://www.bleepingcomputer.com/news/security/temporary-patch-available-for-recent-windows-task-scheduler-alpc-zero-day/
BleepingComputer
Temporary Patch Available for Recent Windows Task Scheduler ALPC Zero-Day
Earlier this week a security researcher released exploit code for a Windows zero-day affecting the Task Scheduler ALPC interface. Today, cyber-security firm Acros Security published a temporary fix (called a micropatch) that prevents exploitation of thatβ¦
Unsophisticated Android Spyware Monitors Device Sensors
A new family of spyware for Android grabbed the attention of security researchers through its unusual set of features and their original implementation. [...]
https://www.bleepingcomputer.com/news/security/unsophisticated-android-spyware-monitors-device-sensors/
A new family of spyware for Android grabbed the attention of security researchers through its unusual set of features and their original implementation. [...]
https://www.bleepingcomputer.com/news/security/unsophisticated-android-spyware-monitors-device-sensors/
BleepingComputer
Unsophisticated Android Spyware Monitors Device Sensors
A new family of spyware for Android grabbed the attention of security researchers through its unusual set of features and their original implementation.
Google's FIDO Based Titan Security Key Now Available for $50 USD
Last month, Google announced their Titan Security Key - a FIDO based security key that allows you to easily perform 2-step verification with compatible devices, browsers, and sites. While previously only available to Google Cloud users, Google has now made the key available to U.S. customers for $50 through the Google Play Store. [...]
https://www.bleepingcomputer.com/news/google/googles-fido-based-titan-security-key-now-available-for-50-usd/
Last month, Google announced their Titan Security Key - a FIDO based security key that allows you to easily perform 2-step verification with compatible devices, browsers, and sites. While previously only available to Google Cloud users, Google has now made the key available to U.S. customers for $50 through the Google Play Store. [...]
https://www.bleepingcomputer.com/news/google/googles-fido-based-titan-security-key-now-available-for-50-usd/
BleepingComputer
Google's FIDO Based Titan Security Key Now Available for $50 USD
Last month, Google announced their Titan Security Key - a FIDO based security key that allows you to easily perform 2-step verification with compatible devices, browsers, and sites. While previously only available to Google Cloud users, Google has now madeβ¦
Azure AD B2B Collaboration Preview Now Lets You Login With Google
Microsoft announced that you can now setup a Google Federation in Azure Active Directory so that Gmail users can seamlessly be invited to an organization's shared files and applications. [...]
https://www.bleepingcomputer.com/news/microsoft/azure-ad-b2b-collaboration-preview-now-lets-you-login-with-google/
Microsoft announced that you can now setup a Google Federation in Azure Active Directory so that Gmail users can seamlessly be invited to an organization's shared files and applications. [...]
https://www.bleepingcomputer.com/news/microsoft/azure-ad-b2b-collaboration-preview-now-lets-you-login-with-google/
BleepingComputer
Azure AD B2B Collaboration Preview Now Lets You Login With Google
Microsoft announced that you can now setup a Google Federation in Azure Active Directory so that Gmail users can seamlessly be invited to an organization's shared files and applications.