Tuesday, September 25, 2018

Cybercriminals Target Kodi Media Player for Malware Distribution

A recent cryptomining campaign shows criminal ingenuity.

Adwind RAT Scurries By AV Software With New DDE Variant

The spam campaign mostly targets victims in Turkey and Germany.

Google’s Forced Sign-in to Chrome Raises Privacy Red Flags

Chrome users are now automatically signed into the browser if they're signed into any other Google service, such as Gmail.

Assessing the Human Element in Cyber Risk Analysis

The human factor doesn't have to be an intangible when assessing cyber risks within a company.

Tricky DoS Attack Crashes Mozilla Firefox

There are currently no mitigations for the Firefox attack, a researcher told Threatpost.

Podcast: Two Billion IoT Devices Still Vulnerable to BlueBorne Bug

Up to two billion devices are still vulnerable to the BlueBorne IoT attack - and may not ever get a patch.

Critical Vulnerability Found in Cisco Video Surveillance Manager

Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.

Twitter Flaw Exposed Direct Messages To External Developers

The company said it has issued a patch for the issue, which has been ongoing since May 2017.

Delphi Packer Looks for Human Behavior Before Deploying Payload

Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.

Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution

Microsoft said that it's working on a fix for a zero-day flaw in its JET Database Engine.

Lucy Gang Debuts with Unusual Android MaaS Package

The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

The vulnerability allowed an unauthenticated remote attacker to log in to a device at the time the system initially boots up.

Magecart Strikes Again, Siphoning Payment Info from Newegg

The data breach, hard on the heels of the British Airways breach, shows that Magecart is quickly evolving and shows no signs of slowing down.

Thousands of Breached Websites Turn Up on MagBo Black Market

The research team said it has shared its findings with law enforcement and victims are being notified.

Mirai Masterminds Helping FBI Snuff Out Cybercrime

The three hackers behind the infamous Mirai botnet have been helping law enforcement take down cybercriminals across the globe.

Critical Out-of-Band Patch Issued for Adobe Acrobat Reader

Overall, seven flaws were patched - including one critical vulnerability that could lead to arbitrary code execution.

A Hybrid Solution to Taming SOC Alert Overload

Technology can free analysts from the burden of manual and tedious tasks so they can operate at the highest level of their abilities.

XBash Malware Packs Double Punch: Destroys Data and Mines for Crypto Coins

A newly discovered malware has different capabilities for Windows and Linux systems, including ransomware and cryptomining.

ThreatList: Malware Samples Targeting IoT More Than Double in 2018

A honeypot set up to sniff out data on infected IoT devices found a broad array of compromised devices – from Mikrotik routers to dishwashers.

State Government Online Payment Service Exposes 14M Customers

Outdated security practices made it simple to access other people's receipts for everything from traffic tickets to paying bail.

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...