Saturday, July 11, 2020
SecurityWeek

Facebook Offering Big Rewards for Vulnerabilities in Hermes, Spark AR

Facebook announced on Friday that it’s offering significant rewards through its bug bounty program for vulnerabilities found in Hermes and Spark AR.
SecurityWeek

Google Updates Policies to Reject Ads for Spyware

Google this week announced that, starting next month, an update to its policy will effectively result in the rejection of ads for surveillance technology.
SecurityWeek

Zoom Working on Patch for Code Execution Vulnerability in Windows Client

Zoom is working on resolving a remote code execution vulnerability affecting the Windows client, but a third-party fix has been made available for users who don’t want to wait for the official patch. On Thursday, ACROS Security announced the availability...
SecurityWeek

Juniper Networks Patches Critical Vulnerabilities in Firewalls

Juniper Networks this week informed customers that it has patched many vulnerabilities in its products, mostly ones that can be exploited for denial-of-service (DoS) attacks.
SecurityWeek

Security Automation Challenges to Adoption: Overcoming Preliminary Obstacles

For Most Organizations, the Full Capabilities of Security Automation Are Still Untapped
SecurityWeek

Evilnum Group Targets Fintech Companies in Europe

For the past two years, a threat group tracked as Evilnum has been observed targeting financial technology companies, mainly ones located in the European Union and the U.K., ESET reports.
SecurityWeek

UK, Australia Investigate Clearview Facial Recognition Firm

Privacy watchdogs in Britain and Australia have opened a joint investigation into facial recognition company Clearview AI over its use of personal data “scraped” off social media platforms and other websites.
SecurityWeek

Hackers Scanning for Citrix Systems Affected by Recent Vulnerabilities

Hackers are apparently scanning the web for systems affected by the recently disclosed Citrix vulnerabilities, which the vendor suggested are less likely to be exploited.
SecurityWeek

Vulnerabilities in Popular Open Source Management Tool Expose Hospitals to Attacks

A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server.
SecurityWeek

Honeywell Sees Rise in USB-Borne Malware That Can Cause Major ICS Disruption

Honeywell says it has seen a significant increase over the past year in USB-borne malware that can cause disruption to industrial control systems (ICS).
SecurityWeek

Researchers Find Pre-Installed Malware on More Android Phones in U.S.

Following a January report on malware found pre-installed on smartphones sold in the United States to budget-conscious users, Malwarebytes has discovered another mobile device riddled with malware from the get-go.
SecurityWeek

Germany Seizes Server Hosting Pilfered U.S. Police Files

At the behest of the U.S. government, German authorities have seized a computer server that hosted a huge cache of files from scores of U.S. federal, state and local law enforcement agencies obtained in a Houston data breach last...
SecurityWeek

Microsoft Adds New Data Corruption Preventions to Windows

Microsoft this week announced Kernel Data Protection (KDP), new technology that aims to protect the Windows kernel and drivers from data corruption attacks.
SecurityWeek

Palo Alto Networks Patches Command Injection Vulnerabilities in PAN-OS

Palo Alto Networks informed customers on Wednesday that it has patched two high-severity vulnerabilities in PAN-OS, the software running on the company’s firewalls.
SecurityWeek

Powerful Conti Ransomware Emerges

A new ransomware family packs multiple unique features, including ones that improve performance and give its operators the option to target only networked SMB shares, VMware-owned Carbon Black reveals.
SecurityWeek

Cyberattack Simulation Company XM Cyber Raises $17 Million

XM Cyber, an Israel-based company that offers a cyberattack simulation platform, announced on Thursday that it raised $17 million in a Series B funding round. The latest funding round, which brings the total raised by the firm to $49 million,...
SecurityWeek

Google Patches Critical Android Vulnerabilities With July 2020 Updates

Several critical remote code execution vulnerabilities were addressed in Android this week with the release of the July 2020 set of security patches, including three in the media framework and system components.
SecurityWeek

Over 5 Billion Unique Credentials Offered on Cybercrime Marketplaces

More than 15 billion username and password pairs have been offered on cybercrime marketplaces, including over 5 billion unique credentials, according to a report published on Wednesday by San Francisco-based risk protection solutions provider Digital Shadows.
SecurityWeek

Huawei Urges UK Not to Rush Into 5G Decision

Chinese telecoms giant Huawei urged Britain on Wednesday not to rush into taking any costly decision to phase out its equipment from the UK's 5G network because of US sanctions.
SecurityWeek

Magecart Group Hits 570 Websites in Three Years

Over the past three years, one of the groups operating under the Magecart umbrella has targeted over 570 e-commerce websites and likely made more than $7 million, threat intelligence company Gemini Advisory reports.

Windows 10 Security Game-Changer As Microsoft Reveals New Hacker Protection

Microsoft is set to bring a powerful new security feature to Windows 10 that just might be a game-changer.

15 Billion Stolen Logins Are Circulating on the Dark Web

Plus: Facebook's Roger Stone takedown, the BlueLeaks server seizure, and more of the week's top security news.
The Hacker News

Exclusive: Any Chingari App (Indian TikTok Clone) Account Can Be Hacked Easily

Following vulnerability disclosure in the Mitron app, another viral TikTok clone in India has now been found vulnerable to a critical but easy-to-exploit authentication bypass vulnerability, allowing anyone to hijack any user account and tamper with their information, content,...

Is TikTok Seriously Dangerous—Do You Need To Delete It?

Here's the reality behind all the headlines...

iPhone User Sues LinkedIn For Reading Clipboard Data After iOS 14 Alert Revelations

The fallout from Apple's new iOS 14 privacy notification feature continues as one iPhone user files a class-action lawsuit against LinkedIn for silently reading clipboard data.