Tuesday, February 18, 2020

Microsoft to deploy ElectionGuard voting software for the first time tomorrow

Residents in Fulton, Wisconsin will elect representatives for the Wisconsin Supreme Court via voting machines running Microsoft's ElectionGuard voting software.

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

Same bug can also let attackers gain access to the admin account.

Israeli soldiers tricked into installing malware by Hamas agents posing as women

IDF: Six social media accounts were redirecting soldiers to installing three malware-infected apps.

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world

Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies.

IOTA cryptocurrency shuts down entire network after wallet hack

Hackers exploit vulnerability in official IOTA wallet to steal millions

Second Windows 10 update is now causing problems by hiding user profiles

Botched Windows 10 KB4532693 update is hiding user profiles. Uninstalling update fixes problems.

Unknown number of Bluetooth LE devices impacted by SweynTooth vulnerabilities

BLE software kits from six chipset vendors impacted. More vendor names to be revealed soon.

OpenSSH adds support for FIDO/U2F security keys

OpenSSH 8.2 adds support for authentication via FIDO/U2F protocols, most commonly used with hardware security keys.

There’s finally a way to remove xHelper, the unremovable Android malware

Malwarebytes researchers find a way to remove the malware, but they still don't know how it really operates.

US Cyber Command, DHS, and FBI expose new North Korean malware

US government agencies send out alert about new North Korean malware and phishing campaign.

UK police deny responsibility for poster urging parents to report kids for using Kali Linux

Using Discord, too, is apparently a warning sign that your child is turning into a naughty hacker.

MOBE ’six-figure income from home’ swindlers to pay FTC $17m, hand over tropical island real estate

21 steps, thousands of dollars, and the secret to easy cash was revealed.

Nedbank says 1.7 million customers impacted by breach at third-party provider

Hacker(s) believed to have exploited a vulnerability to breach Nedbank's marketing contractor.

Rutter’s store chain discloses security breach involving POS malware

Security breach impacts locations in Pennsylvania and West Virginia.

Ohio man arrested for running Bitcoin mixing service that laundered $300 million

This is the first case the DOJ has brought against a Bitcoin mixer.

US charges Huawei with racketeering and conspiracy to steal trade secrets

US updates charges against Huawei, adds racketeering and IP theft allegations against the Chinese telco provider and its CFO.

Critical XSS vulnerability patched in WordPress plugin GDPR Cookie Consent

The plugin is actively installed on over 700,000 websites.

Google removes 500+ malicious Chrome extensions from the Web Store

A network of malicious Chrome extensions was injecting malicious ads in millions of Chrome installs.

MIT researchers disclose vulnerabilities in Voatz mobile voting election app

Researchers say Voatz security flaws could allow someone to alter, stop, or expose how an individual user has voted.

Loda Trojan revitalized with stealthy upgrade, new exploits

The RAT has graduated from infancy and is fast becoming a threat that should be taken seriously.

Sensitive plastic surgery images exposed online

Researchers at VPN advisory company vpnMentor have found yet another online data exposure caused by a misconfigured cloud database.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

12 hottest new cybersecurity startups at RSA 2020

Starting on February 24, the RSA Conference (RSAC) 2020 gives security vendors old and new a chance to demonstrate their capabilities. The event has become an attractive venue for startups to make their debut. This year’s crop will be...

Hundreds of Millions of PC Components Still Have Hackable Firmware

The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.

Remote Wipe Plugin Bug Hits 200,000+ WordPress Sites

Remote Wipe Plugin Bug Hits 200,000+ WordPress SitesSecurity researchers are warning of a new plugin vulnerability which is exposing over 200,000 WordPress sites to the risk of being remotely wiped by an attacker. The problem lies with versions 1.3.4 and...