Wednesday, June 19, 2019
Security Now

SN 719: Exim Under Siege

• A new DRAM problem called "RAMBleed"• A bad Linux TCP SACK server kernel crashing flaw• Last week's patch Tuesday• A Bluetooth surprise• Another useless warning about the BlueKeep vulnerability• Microsoft misses a 90-day Tavis Ormandy deadline• Good news...
Security Now

SN 718: Update Exim Now!

• SandboxEscaper drops another 0-day• The still-not-yet-widely-exploited BlueKeep vulnerability• GoldBrute Botnet pounding on RDP servers (but not yet using BlueKeep)• The FBI issued an interesting advisory about not trusting secure sites just because they're secure• VLC receives 33 security...
Security Now

SN 717: The Nansh0u Campaign

• Checking in on the BlueKeep RDP vulnerability• The planned shutdown of one of the most "successful" affiliate-based ransomware systems• An update on the anti-Robocalling problem• Russian and Chinese militaries plan to quit using Windows• Apple's announcement yesterday of...
Security Now

SN 716: RDP – Really Do Patch

• The Internet is Doomed: BlueKeep Attacks Windows Remote Desktop Protocol• Google Stores Unhashed G Suite Passwords• Sandbox Escaper Drops FIVE New Zero-Day Exploits• Microsoft's Just-released Win10 Feature Update 1903• Security Enhancements in Firefox's Release 67We invite you to...
Security Now

SN 715: CPU.fail

This Week's Stories• The next round of Intel processor information leakage problems: Microarchitectural Data Sampling vulnerabilities• Last Tuesday's patches from Microsoft, Abode and Apple includes one for Windows XP• Security problem for Cisco that ever has stock analysts taking...
Security Now

SN 714: Android ‘Q’

This Week's Stories• Update WhatsApp NOW!• Security News from Google I/O 2019 conference• A new exploitable flaw in all Linux kernels earlier than v5.0.8• A new set of flaws affecting all Intel processors known as "ZombieLoad"• Security enhancements in...
Security Now

SN 713: Post-Coinhive Cryptojacking

This Week's Stories• The continuing and changing world of cryptojacking after Coinhive closed their doors last month.• Google's announcement of self-expiring data retention• The mess arising from Mozilla's intermediate certificate expiration• Another wrinkle in the exploit marketplace• Mozilla's announcement...
Security Now

SN 712: Credential Stuffing Attacks

• The large and emerging threat of website credential stuffing attacks.• Privacy fallout from our recent coverage of Facebook and Google• The uptake rate of recent Windows 10 feature releases• The source of the A/V troubles with the April...
Security Now

SN 711: DNSpionage

Top Security Stories this Week:• Google uses its "SensorVault" to help catch the bad guys.• Time to update Drupal again.• Facebook steals users' email contact lists, logs plaintext Instagram passwords• Russia moves closer to adopting "Internet Master Cutoff Switch"...
Security Now

SN 710: DragonBlood

• DragonBlood: the first effective attack on the new WPA3 protocol• Malicious use of the URL tracking "ping" attribute• The WinRAR Nightmare• More 3rd-party A/V troubles with Microsoft• What good did April's patch Tuesday accomplish?• Adobe 's big patch...
Security Now

SN 709: URL “Ping” Tracking

This Week's StoriesYet another capitulation in the (virtually lost) battle against tracking our behavior on the Internet with URL "ping" tracking.UK government's plan to legislate, police and enforce online social media contentMicrosoft's Chromium-based Edge browser's securityImprovements to Windows 10's...
Security Now

SN 708: Android Security

Android Security, 10 Years LaterWinRAR, a 20+ Year Old Tool With 500M Users, Acknowledged VulnerabilityRussian GPS Hacking and What It Means For UsAndroid's April Fools Day PatchesTesla Autopilot SpoofingThe ASUS "ShadowHammer" AttackWindows 10 (last) October 2018 UpdateA VMware UpdateWe...
Security Now

SN 707: Tesla, Pwned

Results of the much anticipated Mid-March Vancouver Pwn2Own competitionThe return of "Clippy", Microsoft's much-loathed dancing paperclipOperation "ShadowHammer" which reports say compromised ASUS (... but did it?)The ransomware attack on Norsk Hydro aluminumThe surprise renaming of Windows DefenderA severe bug...
Security Now

SN 706: Open Source eVoting

Last week's Patch Tuesday March MadnessWin7 SHA256 Windows Update... UpdateMany attacks leveraging the recently discovered WinRAR vulnerabilityWhat happens when Apple, Google, and GoDaddy all drop a bit?A big recent jump in Mirai Botnet CapabilityCompromised Counter-Strike gaming serversPrivacy enhancements coming...
Security Now

SN 705: SPOILER

0-day exploit bidding warNSA releases Ghidra v9Firefox's adds Tor privacyA pair of nasty 0-daysA worrisome breach at CitrixThe risk of claiming to be an unhackable aftermarket car alarmA new and interesting "Windows developers chatting with users" idea at MicrosoftA...

6 Security Tips That’ll Keep the Summer Fun

Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
TechRepublic

How AI-enhanced malware poses a threat to your organization

Malware controlled by artificial intelligence could create more convincing spam, avoid security detection, and better adapt itself to each target, says a new report from Malwarebytes.
TechRepublic

Tech news roundup: HPE Discover 2019, Facebook’s Libra cryptocurrency, and Google Cloud’s debacle

This week's TechRepublic and ZDNet news stories include a look at the companies that hire the most data scientists, four significant impacts of a security breach, and a first-hand account of a major hack job.
SC Magazine

ACLU tells Ga. Supreme Court Fourth Amendment should apply to personal data stored by cars

Fourth Amendment protections should apply to personal data in a car’s Event Data Recorder, the American Civil Liberties Union (ACLU) will argue before the Georgia Supreme Court today. The state’s high court is hearing oral arguments in Mobley v. State, which challenges law...
PC Mag

Can Anything Protect Us From Deepfakes?

Along with fake news, forged videos have become a national security concern, especially as the 2020 presidential elections draw near. Researchers at the University of Surrey have developed a solution that might solve the problem.