Tuesday, May 21, 2019
Security Affairs

US Commerce Department delays Huawei ban for 90 Days

US Commerce Department will delay 90 days before to apply the announced Huawei ban to avoid huge disruption of the operations. During the weekend, the Reuters agency revealed in exclusive that Alphabet Inc’s Google has suspended some business with Huawei...
Security Affairs

Linux kernel privilege escalation flaw CVE-2019-11815 affects RDS

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram...
Security Affairs

Google will block Huawei from using Android and its services

The Reuters agency revealed in exclusive that Alphabet Inc’s Google has suspended some business with Huawei after Trump’s ban on the telco giant. The news a bomb, Google has suspended some business with Huawei after Trump’s ban on the...
Security Affairs

Unistellar attackers already wiped over 12,000 MongoDB databases

Unistellar attackers have already wiped roughly 12,000 unsecured MongoDB databases exposed online over the past three. Every time hackers deleted a MongoDB database they left a message asking the administrators to contact them to restore the data. Unfortunately, the criminal...
Security Affairs

Facebook banned Archimedes Group, misinformation made in Israel

A new political misinformation campaign was uncovered and blocked by Facebook, this time it was not operated by Russia but Israel’s Archimedes Group Facebook uncovered and blocked a misinformation campaign powered by Israel’ Archimedes Group, the corporation used...
Security Affairs

Google ‘0Day In the Wild’ project tracks zero-days exploited in the Wild

White hat hackers at Google Project Zero are tracking cyber attacks exploiting zero-days before the vendor released security fixes. Experts at Google Project Zero are tracking cyber attacks exploiting zero-days as part of a project named 0Day ‘In the Wild.’ “Today, we’re...
Security Affairs

Microsoft renewed its Attack Surface Analyzer, version 2.0 is online

Microsoft has renewed its Attack Surface Analyzer tool to take advantage of modern, cross-platform technologies. The first version of the Attack Surface Analyzer 1.0 was released back in 2012, it aims at detecting and changes that occur in the Windows operating...
Security Affairs

A flaw in Google Titan Security Keys expose users to Bluetooth Attacks

Titan Security Keys are affected by a severe vulnerability, for this reason, Google announced it is offering a free replacement for vulnerable devices. Google announced it is offering a free replacement for Titan Security keys affected by a serious vulnerability...
Security Affairs

SAP Security Patch Day for May 2019 fixes many missing authorization checks

SAP released SAP Security Patch Day for May 2019 that includes 8 Security Notes, 5 of which are updates to previously released Notes. Five Security Notes included in SAP Security Patch Day for May 2019 addressed missing authorization checks in...
Security Affairs

Twitter inadvertently collected and shared iOS location data

Twitter confirmed revealed that a bug in its iOS app it the root cause for an inadvertent collection of location data and sharing it with a third-party. A new story of a violation of the user’s privacy made the lines,...
Security Affairs

Microsoft Patch Tuesday addresses dangerous RDS flaw that opens to WannaCry-like attacks

Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS flaw allowing WannaCry-Like attacks. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including a Windows zero-day flaw and an RDS vulnerability that can...
Security Affairs

Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder

Adobe Patch Tuesday updates for May 2019 address a critical flaw in Flash Player and more than 80 vulnerabilities in Acrobat products. Adobe Patch Tuesday updates for May 2019 address a total of 84 vulnerabilities in Acrobat and Acrobat Reader...
Security Affairs

CVE-2019-11815 Remote Code Execution affects Linux Kernel prior to 5.0.8

Security experts have found a race condition vulnerability (CVE-2019-11815) in Linux Kernel Prior to 5.0.8 that expose systems to remote code execution. Linux systems based on kernel versions prior to 5.0.8 are affected by a race condition vulnerability leading to...
Security Affairs

Security breach suffered by credit bureau Equifax has cost $1.4 Billion

Equifax revealed its earnings release related to the security breach suffered in 2017, the incident has cost about $1.4 billion plus legal fees. Equifax revealed this week its earnings release related to the security breach suffered by the credit bureau back in...
Security Affairs

Cisco Talos warns of hardcoded credentials in Alpine Linux Docker Images

Since December 2015, Alpine Linux Docker images have been shipped with hardcoded credentials, a NULL password for the root user.  Security researchers from Cisco revealed that Alpine Linux Docker images distributed via the official Docker Hub portal since December 2015 have...
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...