Tuesday, September 25, 2018
Security Affairs

Critical flaw affects Cisco Video Surveillance Manager

Cisco has patched a critical vulnerability in the Cisco Video Surveillance Manager (VSM) that could be exploited by an unauthenticated remote attacker to gain root access. Cisco has fixed a critical vulnerability in the Cisco Video Surveillance Manager software running on...
Security Affairs

Firefox DoS issue crashes the browser and sometimes the Windows OS

A security researcher discovered a bug affecting Firefox on Mac, Linux, and Windows that could crash the browser and in some cases the underlying OS. The security researcher Sabri Haddouche from Wire discovered a bug that affects Firefox on Mac, Linux, and Windows that...
Security Affairs

Hackers target Port of Barcelona, maritime operations were not affected

The Port of Barcelona was hit by a cyber attack; fortunately, maritime operations were not affected. On the morning of September 20, 2018, the Port of Barcelona was hit by a cyber attack that forced the operators of the infrastructure to launch the procedure to...
Security Affairs

Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows

A security researcher from Trend Micro Security Research team disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows. The researcher Lucas Leong of the Trend Micro Security Research team publicly disclosed an unpatched zero-day vulnerability in all supported versions...
Security Affairs

Cisco fixes Remote Code Execution flaws in Webex Network Recording Player

Cisco released security patches to fix RCE flaws in the Webex Network Recording Player for Advanced Recording Format (ARF). Cisco released security patches to address vulnerabilities in the Webex Network Recording Player for Advanced Recording Format (ARF) (CVE-2018-15414, CVE-2018-15421, and...
Security Affairs

Adobe issued a critical out-of-band patch to address CVE-2018-12848 Acrobat flaw

Adobe releases a critical out-of-band patch for the CVE-2018-12848 Acrobat flaw; the security updates address a total of 7 vulnerabilities. Adobe addresses seven vulnerabilities in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to...
Security Affairs

One year later BlueBorne disclosure, over 2 Billion devices are still vulnerable

One year after the discovery of the BlueBorne Bluetooth vulnerabilities more than 2 billion devices are still vulnerable to attacks. In September 2017, experts with Armis Labs devised a new attack technique, dubbed BlueBorne, aimed at mobile, desktop and IoT devices...
Security Affairs

ICS CERT warns of several flaws in Fuji Electric V-Server

Experts discovered several flaws in Fuji Electric V-Server, a tool that connects PCs within the organizations to Industrial Control Systems (ICS). Experts discovered several vulnerabilities in Fuji Electric V-Server, a tool that connects PCs within the organizations to Industrial Control Systems (ICS)...
Security Affairs

Cyber Defense Magazine – September 2018 has arrived. Enjoy it!

We hope you enjoy this month’s edition…packed with 100+ pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here. Please tell your friends to subscribe – no...
Security Affairs

September 2018 Security Notes address a total of 14 flaws in SAP products

SAP has just released the September 2018 set of Security Notes, which address a total of 14 flaws in its products, including a critical flaw in SAP Business Client. The September 2018 Security Patch Day includes 13 other Security Notes; three were rated...
Security Affairs

Microsoft Patch Tuesday updates for September 2018 also address recently disclosed Windows zero-day

Microsoft Patch Tuesday updates for September 2018 address over 60 vulnerabilities, including the recently disclosed zero-day flaw. Microsoft Patch Tuesday updates for September 2018 address 61 vulnerabilities in Internet Explorer (IE), Edge, ChakraCore, Azure, Hyper-V, Windows components, .NET Framework, SQL...
Security Affairs

Adobe Patch Tuesday for September 2018 fixes 10 flaws in Flash Player and ColdFusion

Adobe Patch Tuesday updates for September 2018 address a total of 10 vulnerabilities in Flash Player and ColdFusion; the good news is that none is severe. The Adobe Patch Tuesday updates for September 2018 addressed an important privilege escalation vulnerability (CVE-2018-15967) in Adobe...
Security Affairs

Trend Micro Apps removed from Mac App Store after being caught exfiltrating user data

Several anti-malware apps developed by Trend Micro have been removed from the Mac App Store because they were harvesting users’ browser history and other info. Several anti-malware apps developed by Trend Micro, including Dr Cleaner, Dr. Unarchiver, Dr Antivirus, and App Uninstall, have...
Security Affairs

Privacy-oriented Linux OS Tails 3.9 is out, what’s new?

The popular Debian-based distribution Tails “The Amnesiac Incognito Live System” is out. Tails 3.9 is available online with the biggest updates this year. A new version of the popular Debian-based distribution Tails “The Amnesiac Incognito Live System” is out. The...
Security Affairs

USB Drives shipped with Schneider Solar Products were infected with malware

Schneider Electric announced that some of the USB drives it has shipped with its Conext ComBox and Conext Battery Monitor products were infected with malware. Schneider Electric has found malicious code on the USB drives that have been shipped...

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...