Wednesday, December 11, 2019

Smart Krampus-3PC Malware Targets iPhone Users

The malware affected 100 different online publishers.

Serious Security Flaws Found in Children’s Connected Toys

Several toys that were tested have been found lacking authentication measures, opening them up to an array of insidious attacks.

Apple Fixes ‘AirDoS’ Bug That Cripples Nearby iPhones, iPads

Apple fixes bug that allows nearby hackers to render iPads and iPhones unusable.

Signal Tests Upgraded Cryptography for Groups Function

Signal, the encrypted messaging platform, is planning to launch an upgraded secure group messaging and communities function. Signal’s groups are private, meaning that the service itself doesn’t keep a record of a user’s group memberships, group titles, group avatars...

Modern Intel CPUs Plagued By Plundervolt Attack

The Intel attack uses a technique similar to the one gamers commonly use to overclock their CPUs.

Lazarus APT Collaborates with Trickbot’s Anchor Project

An unprecedented connection between the North Korean APT and the crimeware giant spells trouble for global banks and other cybercrime targets.

Microsoft Zaps Actively Exploited Zero-Day Bug

December 2019's relatively light Patch Tuesday update also fixes seven critical flaws.

Cyberattack Downs Pensacola’s City Systems

The cyberattack comes days after a shooting at U.S. military base Naval Air Station Pensacola rocked the city.

Snatch Team Steals Data and Hammers Orgs with Ransomware

Snatch has burst on the scene, featuring an array of executables and tools for carrying out carefully orchestrated attacks.

Adobe Fixes 17 Critical Acrobat, Photoshop and Brackets Flaws

The patches are part of Adobe's regularly scheduled fixes.

Amazon’s Blink Smart Security Cameras Open to Hijack

Amazon is rolling out patches for the vulnerabilities and users are urged to confirm their device is updated to firmware version 2.13.11 or later.

Download: The 2020 Cybersecurity Salary Survey Results

Today you can access the aggregated and analyzed 2020 Cybersecurity Salary Survey Results and gain insight into the main ranges and factors of current cybersecurity salaries.

DHS Rolls Back Facial-Recognition Expansion Plan

Biometric facial scanning won’t be a requirement for all U.S. citizens traveling internationally after all, the department decided.

Birth Certificate Data Laid Bare on the Web in Multiple States

A platform that allows online applications for copies of birth certificates did not store its data properly.

Romanian Duo Receives Jailtime For Infecting 400,000 With Malware

Since 2007, the two allegedly operated a cybercrime ring called "Bayrob Group."

Elder Scrolls Online Targeted by Cybercrooks Hunting In-Game Loot

A phishing attack is masquerading as messages from the game's developers.

GE, Dunkin’, Forever 21 Caught Up in Broad Internal Document Leak

A PR and marketing provider exposed sensitive data for a raft of big-name companies.

Reddit Says Influence Campaign is Behind Leaked U.S.-U.K. Trade Documents

The platform has linked documents posted on its site to a vote-manipulation campaign already observed on Facebook earlier this year.

Email Voted a Weak Link for Election Security, with DMARC Lagging

Most counties are not protected from impersonation-based spearphishing attacks.

Feds Crack Down on Money Mules, Warn of BEC Scams

Authorities say they have halted over 600 domestic money mules – exceeding the 400 money mules stopped last year.

SC Magazine

Pensacola confirms ransomware attack

Pensacola officials confirmed that an ongoing cyberattack that began early Saturday morning is a ransomware attack. While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...

Trickbot Operators Now Selling Attack Tools to APT Actors

North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.

Brian Krebs

The Great $50M African IP Address Heist

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...

Intel Issues Fix for ‘Plundervolt’ SGX Flaw

Researchers were able to extract an AES encryption key using SGX's voltage-tuning function.

TechRepublic

How to stop spam calls right now

Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.