NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal. [...]
https://www.bleepingcomputer.com/news/technology/ny-governor-cuomo-calls-for-investigation-on-facebook-health-data-collection/
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal. [...]
https://www.bleepingcomputer.com/news/technology/ny-governor-cuomo-calls-for-investigation-on-facebook-health-data-collection/
BleepingComputer
NY Governor Cuomo Calls For Investigation on Facebook Health Data Collection
New York Governor Andrew M. Cuomo stated that a number of state agencies including the Department of State and the Department of Financial Services will investigate Facebook health data acquisition practices exposed by The Wall Street Journal.
LinkedIn Messaging Abused to Target US Companies With Backdoors
A series of malware campaigns that push the More_eggs backdoor via fake jobs offers are targeting employees of US companies which use shopping portals and similar online payment systems. [...]
https://www.bleepingcomputer.com/news/security/linkedin-messaging-abused-to-target-us-companies-with-backdoors/
A series of malware campaigns that push the More_eggs backdoor via fake jobs offers are targeting employees of US companies which use shopping portals and similar online payment systems. [...]
https://www.bleepingcomputer.com/news/security/linkedin-messaging-abused-to-target-us-companies-with-backdoors/
BleepingComputer
LinkedIn Messaging Abused to Target US Companies With Backdoors
A series of malware campaigns that push the More_eggs backdoor via fake jobs offers are targeting employees of US companies which use shopping portals and similar online payment systems.
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. [...]
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows. [...]
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
BleepingComputer
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
A new ransomware called B0r0nt0K is encrypting victim's web sites and demanding a 20 bitcoin, or approximately $75,000, ransom. This ransomware is known to infect Linux servers, but may also be able to encrypt users running Windows.
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned. [...]
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned. [...]
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
BleepingComputer
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
A United Arab Emirates based cybersecurity company named DarkMatter wants to become a trusted root certificate authority in Firefox and security professionals around the world are concerned.
NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines. [...]
https://www.bleepingcomputer.com/news/security/nvidia-patches-security-issues-in-gpu-display-driver-for-windows-linux/
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines. [...]
https://www.bleepingcomputer.com/news/security/nvidia-patches-security-issues-in-gpu-display-driver-for-windows-linux/
BleepingComputer
NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux
NVIDIA released a security update for the NVIDIA GPU Display Driver software designed to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines.
Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials. [...]
https://www.bleepingcomputer.com/news/security/smart-homes-at-risk-due-to-unpatched-vulnerabilities-weak-credentials/
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials. [...]
https://www.bleepingcomputer.com/news/security/smart-homes-at-risk-due-to-unpatched-vulnerabilities-weak-credentials/
BleepingComputer
Smart Homes at Risk Due to Unpatched Vulnerabilities, Weak Credentials
40.8% of smart homes have at least one device vulnerable to remote attacks, a third of them being vulnerable because of outdated software with unpatched security issues, while more than two-thirds are exposed by weak credentials.
Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. [...]
https://www.bleepingcomputer.com/news/security/malspam-exploits-winrar-ace-vulnerability-to-install-a-backdoor/
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer. [...]
https://www.bleepingcomputer.com/news/security/malspam-exploits-winrar-ace-vulnerability-to-install-a-backdoor/
BleepingComputer
Malspam Exploits WinRAR ACE Vulnerability to Install a Backdoor
Researchers have discovered a malspam campaign that is distributing a a malicious RAR archive that may be the first one to exploit the newly discovered WinRAR ACE vulnerability to install malware on a computer.
Apex Legends Fans Targeted with Malware and Scam Campaigns
Apex Legends fans who want to play the game on mobile devices are being actively targeted by scam and malware campaigns which promise to deliver a playable version of the game ready to install on iOS and Android devices. [...]
https://www.bleepingcomputer.com/news/security/apex-legends-fans-targeted-with-malware-and-scam-campaigns/
Apex Legends fans who want to play the game on mobile devices are being actively targeted by scam and malware campaigns which promise to deliver a playable version of the game ready to install on iOS and Android devices. [...]
https://www.bleepingcomputer.com/news/security/apex-legends-fans-targeted-with-malware-and-scam-campaigns/
BleepingComputer
Apex Legends Fans Targeted with Malware and Scam Campaigns
Apex Legends fans who want to play the game on mobile devices are being actively targeted by scam and malware campaigns which promise to deliver a playable version of the game ready to install on iOS and Android devices.
Hackers Backdoor Cloud Servers to Attack Future Customers
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios. [...]
https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios. [...]
https://www.bleepingcomputer.com/news/security/hackers-backdoor-cloud-servers-to-attack-future-customers/
BleepingComputer
Hackers Backdoor Cloud Servers to Attack Future Customers
A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios.
Malvertising Attack Sneaks JavaScript Payload in Polyglot Images
A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward. [...]
https://www.bleepingcomputer.com/news/security/malvertising-attack-sneaks-javascript-payload-in-polyglot-images/
A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward. [...]
https://www.bleepingcomputer.com/news/security/malvertising-attack-sneaks-javascript-payload-in-polyglot-images/
BleepingComputer
Malvertising Attack Sneaks JavaScript Payload in Polyglot Images
A new malvertising attack observed in the wild relies on a less used technique to hide the malicious payload. The authors turned to polyglot images to add the JavaScript code that redirects to a page offering a fake reward.
Adobe Sends Emails About Retirement of Shockwave on April 9th
Adobe has started sending out emails to enterprise clients about the imminent retirement of Adobe Shockwave. These emails state that Adobe Shockwave player for Windows will no longer be available for download starting on April 9th 2019. [...]
https://www.bleepingcomputer.com/news/software/adobe-sends-emails-about-retirement-of-shockwave-on-april-9th/
Adobe has started sending out emails to enterprise clients about the imminent retirement of Adobe Shockwave. These emails state that Adobe Shockwave player for Windows will no longer be available for download starting on April 9th 2019. [...]
https://www.bleepingcomputer.com/news/software/adobe-sends-emails-about-retirement-of-shockwave-on-april-9th/
BleepingComputer
Adobe Sends Emails About Retirement of Shockwave on April 9th
Adobe has started sending out emails to enterprise clients about the imminent retirement of Adobe Shockwave. These emails state that Adobe Shockwave player for Windows will no longer be available for download starting on April 9th 2019.
Windows 10 Insider Preview Build 18346 Released With Bug Fixes
Microsoft has released Windows 10 Insider Preview Build 18346 (19H1) to Insiders in the Fast ring. This release is a maintenance build only that resolves numerous bugs, but does not add any new features. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-preview-build-18346-released-with-bug-fixes/
Microsoft has released Windows 10 Insider Preview Build 18346 (19H1) to Insiders in the Fast ring. This release is a maintenance build only that resolves numerous bugs, but does not add any new features. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-insider-preview-build-18346-released-with-bug-fixes/
BleepingComputer
Windows 10 Insider Preview Build 18346 Released With Bug Fixes
Microsoft has released Windows 10 Insider Preview Build 18346 (19H1) to Insiders in the Fast ring. This release is a maintenance build only that resolves numerous bugs, but does not add any new features.
Thunderclap Vulnerabilities Allow Attacks Using Thunderbolt Peripherals
Modern computers that come with a Thunderbolt interface and run Windows, macOS, Linux, or FreeBSD are vulnerable to a range of Direct Memory Access (DMA) attacks performed by potential attackers with physical access to the device using malicious peripherals. [...]
https://www.bleepingcomputer.com/news/security/thunderclap-vulnerabilities-allow-attacks-using-thunderbolt-peripherals/
Modern computers that come with a Thunderbolt interface and run Windows, macOS, Linux, or FreeBSD are vulnerable to a range of Direct Memory Access (DMA) attacks performed by potential attackers with physical access to the device using malicious peripherals. [...]
https://www.bleepingcomputer.com/news/security/thunderclap-vulnerabilities-allow-attacks-using-thunderbolt-peripherals/
BleepingComputer
Thunderclap Vulnerabilities Allow Attacks Using Thunderbolt Peripherals
Modern computers that come with a Thunderbolt interface and run Windows, macOS, Linux, or FreeBSD are vulnerable to a range of Direct Memory Access (DMA) attacks performed by potential attackers with physical access to the device using malicious peripherals.
Google Enhances Google Play Protect on Android, but Is It Enough?
Google has made changes to Google Play Protect in order to better protect Android users from malicious apps. Will these protections, though, be enough? [...]
https://www.bleepingcomputer.com/news/google/google-enhances-google-play-protect-on-android-but-is-it-enough/
Google has made changes to Google Play Protect in order to better protect Android users from malicious apps. Will these protections, though, be enough? [...]
https://www.bleepingcomputer.com/news/google/google-enhances-google-play-protect-on-android-but-is-it-enough/
BleepingComputer
Google Enhances Google Play Protect on Android, but Is It Enough?
Google has made changes to Google Play Protect in order to better protect Android users from malicious apps. Will these protections, though, be enough?
28 Billion Credential Stuffing Attempts During Second Half of 2018
During the second half of 2018, between May and December 2018, roughly 28 billion credential stuffing attempts have been detected, with retail websites being the main target of credential abuse with 10 billion attempts. [...]
https://www.bleepingcomputer.com/news/security/28-billion-credential-stuffing-attempts-during-second-half-of-2018/
During the second half of 2018, between May and December 2018, roughly 28 billion credential stuffing attempts have been detected, with retail websites being the main target of credential abuse with 10 billion attempts. [...]
https://www.bleepingcomputer.com/news/security/28-billion-credential-stuffing-attempts-during-second-half-of-2018/
BleepingComputer
28 Billion Credential Stuffing Attempts During Second Half of 2018
During the second half of 2018, between May and December 2018, roughly 28 billion credential stuffing attempts have been detected, with retail websites being the main target of credential abuse with 10 billion attempts.
New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. [...]
https://www.bleepingcomputer.com/news/security/new-elevation-of-privilege-vulnerability-found-in-cisco-webex-meetings/
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. [...]
https://www.bleepingcomputer.com/news/security/new-elevation-of-privilege-vulnerability-found-in-cisco-webex-meetings/
BleepingComputer
New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges.
Web Site for a Bangladesh Embassy Compromised with Malicious Docs
The web site for the Bangladeshi Embassy in Cairo has been compromised so that it distributes malicious Word documents, which install malware downloaders onto an infected computer. [...]
https://www.bleepingcomputer.com/news/security/web-site-for-a-bangladesh-embassy-compromised-with-malicious-docs/
The web site for the Bangladeshi Embassy in Cairo has been compromised so that it distributes malicious Word documents, which install malware downloaders onto an infected computer. [...]
https://www.bleepingcomputer.com/news/security/web-site-for-a-bangladesh-embassy-compromised-with-malicious-docs/
BleepingComputer
Web Site for a Bangladesh Embassy Compromised with Malicious Docs
The web site for the Bangladeshi Embassy in Cairo has been compromised so that it distributes malicious Word documents, which install malware downloaders onto an infected computer.
Cyber-Espionage Group Customizes Old, Public Tools
A cyber-espionage threat actor believed to operate from China relies for its activities on publicly available tools; the source code for some of them has been released as early as 2007. [...]
https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
A cyber-espionage threat actor believed to operate from China relies for its activities on publicly available tools; the source code for some of them has been released as early as 2007. [...]
https://www.bleepingcomputer.com/news/security/cyber-espionage-group-customizes-old-public-tools/
BleepingComputer
Cyber-Espionage Group Customizes Old, Public Tools
A cyber-espionage threat actor believed to operate from China relies for its activities on publicly available tools; the source code for some of them has been released as early as 2007.
TLS 1.3 Support Coming to iOS 12.2, Enabled System-Wide in Beta Releases
TLS 1.3, the next major version of the Transport Layer Security (TLS) protocol, will be available in iOS 12.2 and it can already be tested by iOS users willing to install the iOS 12.2 Beta 3 release. [...]
https://www.bleepingcomputer.com/news/security/tls-13-support-coming-to-ios-122-enabled-system-wide-in-beta-releases/
TLS 1.3, the next major version of the Transport Layer Security (TLS) protocol, will be available in iOS 12.2 and it can already be tested by iOS users willing to install the iOS 12.2 Beta 3 release. [...]
https://www.bleepingcomputer.com/news/security/tls-13-support-coming-to-ios-122-enabled-system-wide-in-beta-releases/
BleepingComputer
TLS 1.3 Support Coming to iOS 12.2, Enabled System-Wide in Beta Releases
TLS 1.3, the next major version of the Transport Layer Security (TLS) protocol, will be available in iOS 12.2 and it can already be tested by iOS users willing to install the iOS 12.2 Beta 3 release.
AltFS Fileless File System Aims to Evades Detection by Security Software
Exclusive: Researchers from SafeBreach have developed an open source library that creates a fileless file system residing in operating system resources such as the Windows Registry, WMI, or the user defaults system in macOS. This system was created to illustrate how a fileless file system framework could be created to help security s [...]
https://www.bleepingcomputer.com/news/security/altfs-fileless-file-system-aims-to-evades-detection-by-security-software/
Exclusive: Researchers from SafeBreach have developed an open source library that creates a fileless file system residing in operating system resources such as the Windows Registry, WMI, or the user defaults system in macOS. This system was created to illustrate how a fileless file system framework could be created to help security s [...]
https://www.bleepingcomputer.com/news/security/altfs-fileless-file-system-aims-to-evades-detection-by-security-software/
BleepingComputer
AltFS Fileless File System Aims to Evades Detection by Security Software
Exclusive: Researchers from SafeBreach have developed an open source library that creates a fileless file system residing in operating system resources such as the Windows Registry, WMI, or the user defaults system in macOS. This system was created to illustrateβ¦
New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. [...]
https://www.bleepingcomputer.com/news/security/new-elevation-of-privilege-vulnerability-found-in-cisco-webex-meetings/
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges. [...]
https://www.bleepingcomputer.com/news/security/new-elevation-of-privilege-vulnerability-found-in-cisco-webex-meetings/
BleepingComputer
New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings
A vulnerability found in the update service of the Cisco Webex Meetings Desktop App for Windows could allow an unprivileged local attacker to elevate privileges and run arbitrary commands using the SYSTEM user privileges.