News aggregator

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable

THN - Thu, 14/05/2020 - 07:24
Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward

Update now! Windows gets another bumper patch update

Sophos - Naked Security - Thu, 14/05/2020 - 06:36
Windows users won't have to fix ‘big’ exploited or public flaws this month, but May's Patch Tuesday is one of the biggest patch rounds.

Beware the DHL delivery message email – it could be a package scam

Sophos - Naked Security - Wed, 13/05/2020 - 13:29
Here's a DHL delivery scam with a simple twist - simplicity and a total lack of drama...

Researcher Spots New Malware Claimed to be 'Tailored for Air‑Gapped Networks'

THN - Wed, 13/05/2020 - 11:54
A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the Virustotal malware scanning engine and believe the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed 'Ramsay,' the malware is still under development with two more variants (v2.a and v2.b) spotted in the

U.S Defence Warns of 3 New Malware Used by North Korean Hackers

THN - Wed, 13/05/2020 - 06:35
Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from

TikTok’s handling of child privacy gets another watchdog’s attention

Sophos - Naked Security - Wed, 13/05/2020 - 06:25
Use of the kid-addicting, video-sharing app is exploding during lockdown, triggering yet another inquiry into how safe it is for young ones.

Criminal forum trading stolen data suffers ironic data breach

Sophos - Naked Security - Wed, 13/05/2020 - 06:17
Someone on the dark web is touting for sale an unusual database a lot of people might pay handsomely to get their hands on.

Thunderspy – why turning your computer off is a cool idea!

Sophos - Naked Security - Tue, 12/05/2020 - 12:01
Thunderbolt ports can provide direct access to the memory in your laptop... just how hard is it for crooks to do so when you aren't looking?

Huge toll of ransomware attacks revealed in Sophos report

Sophos - Naked Security - Tue, 12/05/2020 - 11:13
To understand the scope of the ransomware threat, Sophos commissioned a study into the state of ransomware 2020.

Dating app user logins found on hacking forum

Sophos - Naked Security - Tue, 12/05/2020 - 10:05
3.5 million user logins for the MobiFriends dating app are being offered for free on a popular dark web hackers forum.

Maze ransomware one year on – a SophosLabs report

Sophos - Naked Security - Tue, 12/05/2020 - 09:45
The latest SophosLabs report tells the story of how the infamous "Maze" ransomware has evolved over the past 12 months...

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

THN - Tue, 12/05/2020 - 07:37
More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735

Cynet Offers IR Specialists Grants up to $1500 for each IR Engagement

THN - Tue, 12/05/2020 - 06:59
In the past, the autonomous breach protection company Cynet announced that it is making Cynet 360 threat detection and response platform available at no charge for IR (incident response) service providers and consultants. Today Cynet takes another step and announces a $500 grant for Incident Responders for each IR engagement in which Cynet 360 was used, with an additional $1,000 grant if the

An Undisclosed Critical Vulnerability Affect vBulletin Forums — Patch Now

THN - Mon, 11/05/2020 - 16:11
If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn't reveal any information on the underlying security vulnerability, identified as CVE-2020-12720. Written in PHP

7 New Flaws Affect All Thunderbolt-equipped Computers Sold in the Last 9 Years

THN - Mon, 11/05/2020 - 13:28
A cybersecurity researcher today uncovers a set of 7 new unpatchable hardware vulnerabilities that affect all desktops and laptops sold in the past 9 years with Thunderbolt, or Thunderbolt-compatible USB-C ports. Collectively dubbed 'ThunderSpy,' the vulnerabilities can be exploited in 9 realistic evil-maid attack scenarios, primarily to steal data or read/write all of the system memory of a

Celebrity personal data taken in ransomware attack

Sophos - Naked Security - Mon, 11/05/2020 - 11:48
Ransomware crooks are apparently threatening to dump personal data for a long of celebs including Lady Gaga, Madonna, Nicki Minaj and more.

Clearview AI won’t sell vast faceprint collection to private companies

Sophos - Naked Security - Mon, 11/05/2020 - 06:50
… nor to anybody, even law enforcement, in the place where privacy-oblivious biometrics companies are forced to their knees: Illinois.

Microsoft opens IoT bug bounty program

Sophos - Naked Security - Mon, 11/05/2020 - 06:27
Microsoft really wants to secure the Internet of Things (IoT), and it's enlisting citizen hackers' help to do it.

Monday review – the hot 16 stories of the week

Sophos - Naked Security - Mon, 11/05/2020 - 06:07
It's weekly roundup time!

DigitalOcean Data Leak Incident Exposed Some of Its Customers Data

THN - Fri, 08/05/2020 - 19:03
DigitalOcean, one of the biggest modern web hosting platforms, recently hit with a concerning data leak incident that exposed some of its customers' data to unknown and unauthorized third parties. Though the hosting company has not yet publicly released a statement, it did has started warning affected customers of the scope of the breach via an email. According to the breach notification


Subscribe to Shiga Tecnologia aggregator