Wednesday, December 11, 2019
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.
SecurityWeek

SAP Releases 5 Security Notes on December 2019 Patch Day

SAP issued five new Security Notes this week as part of its December 2019 Security Patch Day, to which it also added 2 updates for previously released Security Notes. All of the new Security Notes released this month are rated...

Smart Krampus-3PC Malware Targets iPhone Users

The malware affected 100 different online publishers.
SecurityWeek

Plundervolt Attack Uses Voltage Changes to Steal Secrets From Intel Chips

A newly disclosed attack method targeting Intel processors employs voltage modifications to expose data protected using Intel's Software Guard Extensions (SGX). read more

What it takes to become a CISO

The chief information security officer (CISO) role has been steadily rising in importance and visibility. CISOs now carry the burden of responsibility for securing some of a company’s most valuable resources.
SecurityWeek

Plundervolt Attack Uses Voltage to Steal Data From Intel Chips

A newly disclosed attack targeting Intel processors utilizes CPU voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX).  read more

The Next Security Silicon Valley: Coming to a City Near You?

The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies - established and and startups, alike - to pursue their fortunes elsewhere. Here's where many are going.

Serious Security Flaws Found in Children’s Connected Toys

Several toys that were tested have been found lacking authentication measures, opening them up to an array of insidious attacks.
SC Magazine

Real-time phishing alerts and stolen password warnings added to Chrome

Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser. The real-time anti-phishing capabilities represents an upgrade to Google’s Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites...

Apple Fixes ‘AirDoS’ Bug That Cripples Nearby iPhones, iPads

Apple fixes bug that allows nearby hackers to render iPads and iPhones unusable.
ZDNet

Microsoft details the most clever phishing techniques it saw in 2019

This year's most clever phishing tricks include hijacking Google search results and abusing 404 error pages.
SecurityWeek

Apple Patches Over 50 Vulnerabilities in macOS Catalina

Security updates released by Apple this week address numerous vulnerabilities in macOS Catalina, iOS and iPadOS, Safari, and other software products. read more
SecurityWeek

Chrome 79 Patches Critical Vulnerabilities

Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical severity. read more

5 Tips for Keeping Your Security Team on Target

In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.

Signal Tests Upgraded Cryptography for Groups Function

Signal, the encrypted messaging platform, is planning to launch an upgraded secure group messaging and communities function. Signal’s groups are private, meaning that the service itself doesn’t keep a record of a user’s group memberships, group titles, group avatars...
SecurityWeek

How Commercial Bug Hunting Changed the Boutique Security Consultancy Landscape

It’s been almost a decade since the first commercial “for-profit” bug bounty companies launched leveraging crowdsourced intelligence to uncover security vulnerabilities and simultaneously creating uncertainty for boutique security companies around the globe. read more
Cisco

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability...
Cisco

Cisco Wireless LAN Controller HTTP Parsing Engine Denial of Service Vulnerability

A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the...

Microsoft Releases December 2019 Security Updates

Original release date: December 10, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages...

Google Releases Security Updates for Chrome

Original release date: December 10, 2019Google has released security updates for Chrome version 79.0.3945.79 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security...

Apple Releases Multiple Security Updates

Original release date: December 10, 2019Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users...