Thursday, November 15, 2018
ZDNet

Dutch government report says Microsoft Office telemetry collection breaks GDPR

Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.
SC Magazine

‘DarkGate’ password-stealer could open up world of hurt for Windows users

Windows users in Europe are the target of a sophisticated new malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers. Named DarkGate by its developer, the malware is reportedly distributed...
The Security Ledger

Survey Finds Attacks Find Insecure IoT Devices

A survey finds vast differences in security practices linked to IoT devices in the enterprise, with attacks concentrating on insecure IoT endpoints.

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.
SC Magazine

Bots on a plane? Bad bots cause unique cybersecurity issues for airlines

While bots are a common tool of cybercriminals for carrying out DDoS attacks and mining cryptocurrencies, a recent report found they may also be indirectly increasing the price of your airline tickets. Distil Research Lab’s Threat report, “How Bots Affect...

#InfosecNA18: Who Is Today’s CISO?

Whether it’s a question of to whom the CISO reports or quantifying what the CISO is actually responsible for, the role has changed over time, leaving many wondering how to balance the competing demands of...
SC Magazine

22,000 Kars4Kids donor’s data exposed

Thousands of donors who were able to look past the Kars4Kids ad jingle and went ahead had their information exposed when a misconfigured MongoDB made it publicly accessible. Bob Diachenko, HackenProof’s director of cyber risk research, found the 21,612 customer/donor...

Small-Time Cybercriminals Landing Steady Low Blows

High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
The Register

Another Meltdown, Spectre scare: Data-blabbing holes continue to haunt Intel, AMD, Arm

CPU slingers insist existing defenses will stop attacks – but eggheads disagree. Computer security researchers have uncovered yet another set of transient execution attacks on modern CPUs that allow a local attacker to gain access to privileged data, fulfilling...
Bruce Schneier

More Spectre/Meltdown-Like Attacks

Back in January, we learned about a class of vulnerabilities against microprocessors that leverages various performance and efficiency shortcuts for attack. I wrote that the first two attacks would be just the start: It shouldn't be surprising that microprocessor designers...

Security Teams Struggle with Container Security Strategy

Fewer than 30% of firms have more than a basic container security plan in place.
The Register

Did you by chance hack OPM back in 2015? Good news, your password probably still works!

Government audit finds office still hasn't cleaned up from Obama-era megabreach. More than three years after suffering one of the largest cyber-attacks in US government history, the Office of Personnel Management has yet to adopt dozens of the security...
Brian Krebs

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Barriss, 25,...

#InfosecNA18: Finding and Keeping Security Teams

Finding and keeping talent in the cybersecurity industry is a challenge for organizations of all sizes around the globe. As a result, the talent market is highly competitive, which is why a panel of...
FireEye

FLARE VM Update

FLARE VM is the first of its kind reverse engineering and malware analysis distribution on Windows platform. Since its introduction in July 2017, FLARE VM has been continuously trusted and used by many reverse...

Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues

Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data - and are fearful of a near-term breach of critical infrastructure.
isBuzz

Albion Online Massive Multiplayer Game Hit With DDoS

In response to news that the MMORPG game Albion Online announced it was hit with a DDoS attack over the weekend which disrupted play, an expert with Corero Network Security offers perspective. Sean Newman, Director Product Management at Corero Network Security: “Online multi-player games...

Airlines Have a Big Problem with Bad Bots

Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.

Microsoft Releases November 2018 Security Updates

Original release date: November 13, 2018. Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s...
Cisco

Cisco Small Business Switches Privileged Access Vulnerability

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account...
VMware

New VMware Security Advisory VMSA-2018-0028

Today, VMware has released the following new security advisory: “VMSA-2018-0028 (https://www.vmware.com/security/advisories/VMSA-2018-0028.html) – VMware vRealize Log Insight updates address an authorization bypass vulnerability”. This documents the remediation of a moderate severity authorization bypass vulnerability (CVE-2018-6980, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6980) in VMware vRealize Log Insight. The...
MSRC

November 2018 Security Update Release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Adobe Releases Security Updates

Original release date: November 13, 2018. Adobe has released security updates to address vulnerabilities in Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and...