Tuesday, February 18, 2020
Security Affairs

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

The US administration requested $9.8 billion for cyber in next year’s budget for the Department of Defense, the amount is the same as last year. The US administration requested $9.8 billion for cyber operations in next year’s budget for the...
Security Affairs

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak

Organizers of Black Hat Asia and DEF CON China security conferences announced that they put the events on hold due to the Coronavirus outbreak. Bad news for cybersecuritypassionates and experts, organizers of Black Hat Asia and DEF CON China...
Security Affairs

PoS malware infected systems at 71 locations operated by US store chain Rutter’s

US store chain Rutter disclosed a security breach, 71 locations were infected with a point-of-sale (POS) malware used to steal customers’ credit card information. The Rutter’s, a U.S. convenience store, fast food restaurant, and gas station chain owner, has...
Security Affairs

Microsoft recommends Exchange admins to disable the SMBv1 protocol

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot...
Security Affairs

Siemens fixed multiple DoS flaws in several products

Siemens issued Patch Tuesday updates for February 2020 that fixed serious denial-of-service (DoS) flaws in several of its products. Siemens released Patch Tuesday updates for February 2020 that address serious denial-of-service (DoS) flaws in several of its products. According to the...
Security Affairs

Patch Tuesday updates for February 2020 fix IE 0day flaw

Microsoft February 2020 Patch Tuesday updates address a total of 99 new vulnerabilities, including an Internet Explorer zero-day exploited in the wild. Microsoft has released the Patch Tuesday updates for February 2020 that address a total of 99 vulnerabilities, including an Internet...
Security Affairs

Adobe addresses 42 flaws in its five products

Adobe February 2020 Patch Tuesday updates address a total of 42 vulnerabilities in five products, dozens of them rated as critical severity. Adobe February 2020 Patch Tuesday updates address a total of 42 vulnerabilities in Framemaker, Acrobat and Reader, Flash Player, Digital...
Security Affairs

A cyber-attack on major banks could trigger a liquidity crisis, ECB President Christine Lagarde warns

The president of the European Central Bank (ECB), Christine Lagarde, is warning that a cyber-attack on a major financial institution could trigger a liquidity crisis. The president of the European Central Bank (ECB), Christine Lagarde, has warned that a...
Security Affairs

Massive DDoS attack brought down 25% Iranian Internet connectivity

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet. Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the...
Security Affairs

Iran-linked APT group Charming Kitten targets journalists, political and human rights activists

Iran-linked APT group Charming Kitten has been targeting journalists, political and human rights activists in a new campaign. Researchers from Certfa Lab reports have spotted a new cyber espionage campaign carried out by Iran-linked APT group Charming Kitten that has...
Security Affairs

Dropbox paid more than $1 Million via its bug bounty program

File hosting service company Dropbox paid out $1 million for vulnerabilities reported by researchers through its bug bounty program. Since the launch of its bug bounty program in 2014, the file-hosting company Dropbox has paid out $1 million to date...
Security Affairs

Hackers abused Twitter API to match usernames to phone numbers

Twitter discloses a security incident involving third-parties that exploited its official API to match phone numbers with Twitter usernames. On December 24, 2019 the company discovered that its API were exploited by a large network of fake accounts to match Twitter...
Security Affairs

Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Russia’s Roskomnadzor watchdog wants to fine Facebook and Twitter after they refused to store data of Russian users on servers located in the country. Russia’s telecommunications watchdog Roskomnadzor has instituted administrative proceedings against Facebook and Twitter after they refused to store...
Security Affairs

The Russian Government blocked ProtonMail and ProtonVPN

The popular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. Roskomnadzor explained that the services...
Security Affairs

Microsoft announces the launch of a bug bounty program for Xbox

Microsoft announced the launch of an Xbox bug bounty program with rewards of up to $20,000 for critical remote code execution flaws. Microsoft is going to launch an Xbox bug bounty program that will pay rewards of up to $20,000...

Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...