Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home
A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request. [...]
https://www.bleepingcomputer.com/news/security/adobe-reader-zero-day-micropatch-stops-malicious-pdfs-from-calling-home/
A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request. [...]
https://www.bleepingcomputer.com/news/security/adobe-reader-zero-day-micropatch-stops-malicious-pdfs-from-calling-home/
BleepingComputer
Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home
A micropatch is now available for a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request.
RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts
A container breakout security flaw found in the runc container runtime allows malicious containers to overwrite the host runc binary and gain root-level code execution on the host machine. [...]
https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/
A container breakout security flaw found in the runc container runtime allows malicious containers to overwrite the host runc binary and gain root-level code execution on the host machine. [...]
https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/
BleepingComputer
RunC Vulnerability Gives Attackers Root Access on Docker, Kubernetes Hosts
A container breakout security flaw found in the runc container runtime allows malicious containers to overwrite the host runc binary and gain root-level code execution on the host machine.
Microsoft States Windows Update DNS Issues are Finally Fixed
In an updated Windows 10 and Windows Server 2019 update history support article, Microsoft has stated that the Windows Update DNS issue should now be fully resolved as all local ISPs have refreshed their DNS servers and are now using the correct DNS records. [...]
https://www.bleepingcomputer.com/news/security/microsoft-states-windows-update-dns-issues-are-finally-fixed/
In an updated Windows 10 and Windows Server 2019 update history support article, Microsoft has stated that the Windows Update DNS issue should now be fully resolved as all local ISPs have refreshed their DNS servers and are now using the correct DNS records. [...]
https://www.bleepingcomputer.com/news/security/microsoft-states-windows-update-dns-issues-are-finally-fixed/
BleepingComputer
Microsoft States Windows Update DNS Issues are Finally Fixed
In an updated Windows 10 and Windows Server 2019 update history support article, Microsoft has stated that the Windows Update DNS issue should now be fully resolved as all local ISPs have refreshed their DNS servers and are now using the correct DNS records.
Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History
A macOS privacy protection bypass flaw could allow potential attackers to access data stored in restricted folders on all macOS Mojave release up to the 10.14.3 Supplemental Update released on February 7.. [...]
https://www.bleepingcomputer.com/news/security/privacy-protection-bypass-flaw-in-macos-gives-access-to-browsing-history/
A macOS privacy protection bypass flaw could allow potential attackers to access data stored in restricted folders on all macOS Mojave release up to the 10.14.3 Supplemental Update released on February 7.. [...]
https://www.bleepingcomputer.com/news/security/privacy-protection-bypass-flaw-in-macos-gives-access-to-browsing-history/
BleepingComputer
Privacy Protection Bypass Flaw in macOS Gives Access to Browsing History
A macOS privacy protection bypass flaw could allow potential attackers to access data stored in restricted folders on all macOS Mojave releases up to the 10.14.3 Supplemental Update released on February 7..
Coalition of State Attorney Generals Urge FTC to Update Identity Theft Rules
A coalition of 31 state attorneys general responded to an FTC request for public comment on its Identity Theft Rules review with an appeal to update them to allow banks and creditors to keep up with new tech designed to block identity theft attempts. [...]
https://www.bleepingcomputer.com/news/security/coalition-of-state-attorney-generals-urge-ftc-to-update-identity-theft-rules/
A coalition of 31 state attorneys general responded to an FTC request for public comment on its Identity Theft Rules review with an appeal to update them to allow banks and creditors to keep up with new tech designed to block identity theft attempts. [...]
https://www.bleepingcomputer.com/news/security/coalition-of-state-attorney-generals-urge-ftc-to-update-identity-theft-rules/
BleepingComputer
Coalition of State Attorney Generals Urge FTC to Update Identity Theft Rules
A coalition of 31 state attorneys general responded to an FTC request for public comment on its Identity Theft Rules review with an appeal to update them to allow banks and creditors to keep up with new tech designed to block identity theft attempts.
Hackers Wipe VFEmail Servers, May Shut Down After Catastrophic Data Loss
The U.S. servers of privacy-focused e-mail provider VFEmail were hacked into on February 11 and all the data was destroyed, on both the main and the backup systems. According to VFEmail's owner, the hackers did not leave a ransom note and, given the extent of the destruction, the service will most likely go offline to never return. [...]
https://www.bleepingcomputer.com/news/security/hackers-wipe-vfemail-servers-may-shut-down-after-catastrophic-data-loss/
The U.S. servers of privacy-focused e-mail provider VFEmail were hacked into on February 11 and all the data was destroyed, on both the main and the backup systems. According to VFEmail's owner, the hackers did not leave a ransom note and, given the extent of the destruction, the service will most likely go offline to never return. [...]
https://www.bleepingcomputer.com/news/security/hackers-wipe-vfemail-servers-may-shut-down-after-catastrophic-data-loss/
BleepingComputer
Hackers Wipe VFEmail Servers, May Shut Down After Catastrophic Data Loss
The U.S. servers of privacy-focused e-mail provider VFEmail were hacked into on February 11 and all the data was destroyed, on both the main and the backup systems. According to VFEmail's owner, the hackers did not leave a ransom note and, given the extentβ¦
Adobe Releases Security Fixes for Flash Player, ColdFusion, and More
Adobe has published their monthly Patch Tuesday updates for the month of February 2019. These updates are for Flash Player, Creative Cloud Desktop Application, and ColdFusion. [...]
https://www.bleepingcomputer.com/news/security/adobe-releases-security-fixes-for-flash-player-coldfusion-and-more/
Adobe has published their monthly Patch Tuesday updates for the month of February 2019. These updates are for Flash Player, Creative Cloud Desktop Application, and ColdFusion. [...]
https://www.bleepingcomputer.com/news/security/adobe-releases-security-fixes-for-flash-player-coldfusion-and-more/
BleepingComputer
Adobe Releases Security Fixes for Flash Player, ColdFusion, and More
Adobe has published their monthly Patch Tuesday updates for the month of February 2019. These updates are for Flash Player, Creative Cloud Desktop Application, and ColdFusion.
Windows Malware Runs on Macs, Bypasses Gatekeeper to Target Software Pirates
If it wasn't already obvious, pirating software is a risky business and this was again proven by a set of malicious executables targeting macOS users with info stealers and adware, and compiled as Windows EXE binaries with the help of the open source Mono framework. [...]
https://www.bleepingcomputer.com/news/security/windows-malware-runs-on-macs-bypasses-gatekeeper-to-target-software-pirates/
If it wasn't already obvious, pirating software is a risky business and this was again proven by a set of malicious executables targeting macOS users with info stealers and adware, and compiled as Windows EXE binaries with the help of the open source Mono framework. [...]
https://www.bleepingcomputer.com/news/security/windows-malware-runs-on-macs-bypasses-gatekeeper-to-target-software-pirates/
BleepingComputer
Windows Malware Runs on Macs, Bypasses Gatekeeper to Target Software Pirates
If it wasn't already obvious, pirating software is a risky business and this was again proven by a set of malicious executables targeting macOS users with info stealers and adware, and compiled as Windows EXE binaries with the help of the open source Monoβ¦
Dunkin' Donuts Issues Alert for Credential Stuffing Attack, Passwords Reset
Dunkin' Donuts has issued a security notification alerting users of their DD Perks reward program that their accounts may have been involved in a credential stuffing attack. This attack may have allowed third-parties to gain access to some of their account information. [...]
https://www.bleepingcomputer.com/news/security/dunkin-donuts-issues-alert-for-credential-stuffing-attack-passwords-reset/
Dunkin' Donuts has issued a security notification alerting users of their DD Perks reward program that their accounts may have been involved in a credential stuffing attack. This attack may have allowed third-parties to gain access to some of their account information. [...]
https://www.bleepingcomputer.com/news/security/dunkin-donuts-issues-alert-for-credential-stuffing-attack-passwords-reset/
BleepingComputer
Dunkin' Donuts Issues Alert for Credential Stuffing Attack, Passwords Reset
Dunkin' Donuts has issued a security notification alerting users of their DD Perks reward program that their accounts may have been involved in a credential stuffing attack. This attack may have allowed third-parties to gain access to some of their account information.
TrickBot Banking Trojan Now Steals RDP, VNC, and PuTTY Credentials
The infamous Trickbot banking Trojan's password stealer module has been recently upgraded to grab credentials used to authenticate to remote servers using VNC, PuTTY, and Remote Desktop Protocol (RDP).. [...]
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-now-steals-rdp-vnc-and-putty-credentials/
The infamous Trickbot banking Trojan's password stealer module has been recently upgraded to grab credentials used to authenticate to remote servers using VNC, PuTTY, and Remote Desktop Protocol (RDP).. [...]
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-now-steals-rdp-vnc-and-putty-credentials/
BleepingComputer
TrickBot Banking Trojan Now Steals RDP, VNC, and PuTTY Credentials
The infamous Trickbot banking Trojan's password stealer module has been recently upgraded to grab credentials used to authenticate to remote servers using VNC, PuTTY, and Remote Desktop Protocol (RDP)..
Windows 10 February 2019 Cumulative Updates Released With Fixes
It's Patch Tuesday and new cumulative updates are rolling out! The focus of Windows 10's February 2019 cumulative update is on addressing the security issues and the general issues reported in the past few weeks. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-february-2019-cumulative-updates-released-with-fixes/
It's Patch Tuesday and new cumulative updates are rolling out! The focus of Windows 10's February 2019 cumulative update is on addressing the security issues and the general issues reported in the past few weeks. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-february-2019-cumulative-updates-released-with-fixes/
BleepingComputer
Windows 10 February 2019 Cumulative Updates Released With Fixes
It's Patch Tuesday and new cumulative updates are rolling out! The focus of Windows 10's February 2019 cumulative update is on addressing the security issues and the general issues reported in the past few weeks.
Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates
Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled. [...]
https://www.bleepingcomputer.com/news/security/microsoft-patches-privexchange-vulnerability-in-february-quarterly-updates/
Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled. [...]
https://www.bleepingcomputer.com/news/security/microsoft-patches-privexchange-vulnerability-in-february-quarterly-updates/
BleepingComputer
Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates
Microsoft patched the PrivExchange privilege escalation vulnerability which affected Microsoft Exchange Server 2010 and newer installations where Exchange Web Services (EWS) and Push Notifications were enabled.
Microsoft February 2019 Patch Tuesday Includes Fixes for 70 Vulnerabilities
Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code execution vulnerability in DHCP. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2019-patch-tuesday-includes-fixes-for-70-vulnerabilities/
Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code execution vulnerability in DHCP. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2019-patch-tuesday-includes-fixes-for-70-vulnerabilities/
BleepingComputer
Microsoft February 2019 Patch Tuesday Includes Fixes for 70 Vulnerabilities
Today is Microsoft's February 2019 Patch Tuesday, which means it is time to get those security updates installed. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code executionβ¦
Windows 7 KB4486563 and Windows 8.1 KB4487000 Released
The February 2019 patches are also rolling out to PCs with Windows 7 and 8.1. The new monthly rollups for Windows 7 and Windows 8.1 comes with general security fixes and improvements. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-7-kb4486563-and-windows-81-kb4487000-released/
The February 2019 patches are also rolling out to PCs with Windows 7 and 8.1. The new monthly rollups for Windows 7 and Windows 8.1 comes with general security fixes and improvements. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-7-kb4486563-and-windows-81-kb4487000-released/
BleepingComputer
Windows 7 KB4486563 and Windows 8.1 KB4487000 Released
The February 2019 patches are also rolling out to PCs with Windows 7 and 8.1. The new monthly rollups for Windows 7 and Windows 8.1 comes with general security fixes and improvements.
Weird Phishing Campaign Uses Links With Almost 1,000 Characters
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enough to make anyone suspicious. [...]
https://www.bleepingcomputer.com/news/security/weird-phishing-campaign-uses-links-with-almost-1-000-characters/
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enough to make anyone suspicious. [...]
https://www.bleepingcomputer.com/news/security/weird-phishing-campaign-uses-links-with-almost-1-000-characters/
BleepingComputer
Weird Phishing Campaign Uses Links With Almost 1,000 Characters
A targeted phishing campaign is underway that states your email has been blacklisted and then asks you to confirm it by entering your credentials. For some reason, this campaign is using phishing links that can contain almost 1,000 characters, which is enoughβ¦
Microsoft Releases the February 2019 Updates for Office
Microsoft released the February 2019 Office Update containing a list of 19 security updates and 28 non-security updates, while also updating the Click-To-Run Office 2013 version to 15.0.5111.1001 in the process. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-february-2019-updates-for-office/
Microsoft released the February 2019 Office Update containing a list of 19 security updates and 28 non-security updates, while also updating the Click-To-Run Office 2013 version to 15.0.5111.1001 in the process. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-february-2019-updates-for-office/
BleepingComputer
Microsoft Releases the February 2019 Updates for Office
Microsoft released the February 2019 Office Update containing a list of 19 security updates and 28 non-security updates, while also updating the Click-To-Run Office 2013 version to 15.0.5111.1001 in the process.
The Scarlet Widow Gang Entraps Victims Using Romance Scams
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak. [...]
https://www.bleepingcomputer.com/news/security/the-scarlet-widow-gang-entraps-victims-using-romance-scams/
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak. [...]
https://www.bleepingcomputer.com/news/security/the-scarlet-widow-gang-entraps-victims-using-romance-scams/
BleepingComputer
The Scarlet Widow Gang Entraps Victims Using Romance Scams
We often hear about sextortion, business email compromise (BEC), and inheritance scams, but the often overlooked "Romance Scams" could be the most insidious of them all. Not only do victims lose money, but the emotional entanglement ultimately leads to heartbreak.
Canonical Snapd Vulnerability Gives Root Access in Linux
A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges. [...]
https://www.bleepingcomputer.com/news/security/canonical-snapd-vulnerability-gives-root-access-in-linux/
A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has released to PoCs that use different methods to elevate privileges. [...]
https://www.bleepingcomputer.com/news/security/canonical-snapd-vulnerability-gives-root-access-in-linux/
BleepingComputer
Canonical Snapd Vulnerability Gives Root Access in Linux
A researcher has discovered a new vulnerability called "Dirty_Sock" in the REST API for Canonical's snapd daemon that can allow attackers to gain root access on Linux machines. To illustrate how these vulnerabilities can be exploited, the researcher has releasedβ¦
New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules. [...]
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules. [...]
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/
BleepingComputer
New Astaroth Trojan Variant Exploits Anti-Malware Software to Steal Info
A new Astaroth Trojan campaign targeting Brazil and European countries is currently exploiting the Avast antivirus and security software developed by GAS Tecnologia to steal information and load malicious modules.
Cisco Network Assurance Engine Bug Allows Login with Old Passwords
Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access to a device via its CLI using the previous password. [...]
https://www.bleepingcomputer.com/news/security/cisco-network-assurance-engine-bug-allows-login-with-old-passwords/
Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access to a device via its CLI using the previous password. [...]
https://www.bleepingcomputer.com/news/security/cisco-network-assurance-engine-bug-allows-login-with-old-passwords/
BleepingComputer
Cisco Network Assurance Engine Bug Allows Login with Old Passwords
Cisco has issue a security advisory for Cisco Network Assurance Engine (NAE) Release 3.0(1) for a bug that causes password changes done via NAE to not be synchronized to the CLI of the associated device. This would allow a user to be able to gain access toβ¦