Saturday, November 17, 2018

Emoji Attack Can Kill Skype for Business Chat

The "Kitten of Doom" denial-of-service attack is easy to carry out.

Gmail Glitch Offers Stealthy Trick for Phishing Attacks

The issue comes from how Gmail automatically files messages into the "Sent" folder.

Critical WordPress Flaw Grants Admin Access to Any Registered Site User

The privilege-escalation vulnerability would allow an attacker to inject malware, place ads and load custom code on an impacted website.

Lock-Screen Bypass Bug Quietly Patched in Handsets

The flaw in high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds.

tRat Emerges as New Pet for APT Group TA505

The modular malware seems to be in a testing phase, but TA505's interest made researchers take note.

Managing the Risk of IT-OT Convergence

Why manufacturing and logistics are especially challenged.

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

"Our advice is to stop using this watch" as mitigations are not available, researchers told Threatpost.

Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers

As consumers skip the store crowds in favor of online deals, cyberattackers have geared up to victimize them.

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.

Siemens Patches Firewall Flaw That Put Operations at Risk

The industrial company on Tuesday released mitigations for eight vulnerabilities overall.

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

Google’s G Suite, Search and Analytics Taken Down in Hijacking

Google cloud business customers were impacted by a Border Gateway Protocol hijacking.

Unpatched Android OS Flaw Allows Adversaries to Track User Location

The vulnerability is one of many with the same root cause: Cross-process information leakage.

Adobe Fixes Acrobat and Reader Flaw With Publicly-Available PoC

Overall, the company released only three patches as part of its regularly-scheduled November update.

Podcast: IoT Firms Face a ‘Tidal Wave’ of Lawsuits, Attorney Explains

An attorney in the infamous 2015 Jeep hack predicts that more lawsuits related to IoT security are looming in the future.

Emotet Campaign Ramps Up with Mass Email Harvesting Module

The new variant can exfiltrate emails for a period going back 180 days, en masse.

U.S. Chip Cards Are Being Compromised in the Millions

A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes.

Malware-Laced App Lurked on Google Play For a Year

Google Play’s policy prohibits apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play.

New Boom in Facial Recognition Tech Prompts Privacy Alarms

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn.

SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…

TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.