Wednesday, December 11, 2019
Security Affairs

More than 44 million Microsoft user accounts are exposed to hack

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised...
Security Affairs

Adobe Patch Tuesday addresses critical flaws in four products

Adobe released the Patch Tuesday security updates for December 2019 that address flaws in Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets. Adobe Patch Tuesday security updates for December 2019 address a total of 25 flaws in Acrobat and Reader,...
Security Affairs

NordVPN announced the launch of a bug bounty program

The popular virtual private network (VPN) service provider NordVPN announced the launch of a public bug bounty program. The virtual private network (VPN) service provider NordVPN announced the launch of a public bug bounty program. White hat hackers will receive payouts...
Security Affairs

Google released PathAuditor to detect unsafe path access patterns

Google has released the source code of a tool, dubbed PathAuditor, designed to help developers identify vulnerabilities related to file access. Google decided to release the source code of a tool dubbed PathAuditor designed to help developers identify vulnerabilities...
Security Affairs

Google fixes a critical DoS flaw tracked as CVE-2019-2232 in Android

Google addressed a critical vulnerability, tracked as CVE-2019-2232, that could trigger a permanent denial of service (DoS) condition in Android. Google released December 2019 security updates for its Android mobile OS that addressed several flaws, including a critical vulnerability,...
Security Affairs

OpenBSD addresses authentication bypass, privilege escalation issues

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three...
Security Affairs

Ohio Election Day cyber attack attempt traced Russian-Owned Company

Ohio detected and neutralized a cyber attack against its election systems earlier this month, it was traced to a Russian-owned company. Ohio officials thwarted a cyber attack against its election infrastructure earlier this month, the state’s elections chief announced. According...
Security Affairs

Some Fortinet products used hardcoded keys and weak encryption for communications

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR”...
Security Affairs

Federal Communications Commission has cut off government funding for equipment from Chinese firms

U.S. Federal Communications Commission has cut off government funding for equipment from Huawei and ZTE due to security concerns. U.S. Federal Communications Commission has cut off government funding for equipment from the Chinese companies Huawei and ZTE due to security...
Security Affairs

Kaspersky found dozens of flaws in 4 open-source VNC software

Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities....
Security Affairs

ENISA publishes a Threat Landscape for 5G Networks

ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an...
Security Affairs

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. Group-IB, a Singapore-based cybersecurity company: ransomware accounted for over half of all malicious mailings in H1...
Security Affairs

CTHoW v2.0 – Cyber Threat Hunting on Windows

Why did I started CTHoW? As someone with a huge passion for information security. It is always a must to keep on top of the latest TTPs of adversaries to be able to defend your network. I was always impressed...
Security Affairs

Adobe announces end of support for Acrobat 2015 and Adobe Reader 2015

Adobe announces the end of support for Acrobat 2015 and Reader 2015 It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015. It’s official, Adobe announces the end of support for Adobe Acrobat and Reader 2015,...
Security Affairs

Experts found undocumented access feature in Siemens SIMATIC PLCs

Researchers discovered a vulnerability in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could allow attackers to execute arbitrary code on vulnerable devices. Researchers discovered an undocumented access feature in Siemens SIMATIC S7-1200 programmable logic controller (PLC) that could be...
SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.