Events
Automox.com
Console
Status
Dev Portal
Support Docs
Automox University

Community
Security News & Updates
Security News

Security News

Discuss the latest breaches and security news

200 Topics
196 Replies

When you subscribe we will email you when there is a new topic in this category

200 Topics

Recently active

Most replies Most views Newest first

Nic-AutomoxFormer Automox Employee

posted in Security News

Krebs analysis of the Twitter hack

Fascinating detective work in this article: krebsonsecurity.com Who’s Behind Wednesday’s Epic Twitter Hack? — Krebs on Security Twitter was thrown into chaos on Wednesday after accounts for some of the world's most recognizable public figures, executives and celebrities starting tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or...

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Malware found in Chinese tax software

Information Age Malware found in Chinese tax software Company tries to cover up tracks of GoldenSpy backdoor. found here: reddit r/technology - Malware found in Chinese tax software used by Australian... 21,602 votes and 847 comments so far on Reddit This is software that Australian companies have to use if they are doing business in China, to collect VAT. Hopefully this isn’t software you have to use @Westyy

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Bad Microsoft Office Patch

The symptom is Outlook crashing as soon as you open it. Fix in this reddit thread and MS has since fixed the patch: reddit r/sysadmin - Outlook immediately crashing on open after patching last night 2,318 votes and 662 comments so far on Reddit

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Cyberattack leads to physical damage to Iranian uranium processing facility

U.S. – 4 Jul 20 Iran threatens retaliation after what it calls possible cyber attack on... Iran will retaliate against any country that carries out cyber attacks on its nuclear sites, the head of civilian defence said, after a fire at its Natanz plant which some Iranian officials said may have been caused by cyber sabotage. Details are scant, but Iran is claiming that a cyberattack led to the fire that damaged this uranium processing facility. It’s unclear if the fire was an intentional part of the attack or just a side effect, but still pretty scary that things like this are possible now. The fire didn’t touch any of the uranium or injure anyone, fortunately.

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

US Secret Service reports an increase in hacked managed service providers (MSPs)

ZDNet US Secret Service reports an increase in hacked managed service providers... US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams. If you’re an MSP, it’s a good time to review all your security practices and maybe schedule an external pen test!

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Patch Now! Two Out of Band Patches Fix RCE in Windows

blog.automox.com Patch Now! Two Out of Band Patches Fix RCE in Windows | Automox PATCH NOW: Microsoft released out-of-band Windows patches addressing two remote code execution vulnerabilities, one rated critical and one important. Both are remote code execution vulnerabilities, one rated Critical.

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Patch your Palo Alto devices - CVE-2020-2021

This one’s a 10 on the CVSS scale, so update them all as soon as possible! Palo Alto Networks Product Security Assurance – 29 Jun 20 CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS ...

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Watching a $1.14 million ransomware negotiation between hackers and scientists searching for COVID-19 treatments

So much for ransomware groups promising not to target organizations related to the pandemic: Graham Cluley – 29 Jun 20 Watching a $1.14 million ransomware negotiation between hackers and... An anonymous tip-off to BBC News enabled them to watch in real-time as an American medical university attempted to negotiate with the hackers who had infected its systems with ransomware.

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Lucifer Malware attackes CVE-2019-9081

ZDNet Lucifer: Devilish malware that abuses critical vulnerabilities on Windows... Researchers say the powerful malware has been “wreaking havoc” on Windows hosts. There’s patches to protect against it, so make sure you have rolled them out!

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Out of band Adobe update for 18 critical vulnerabilities

threatpost.com Adobe Patches 18 Critical Flaws in Out-Of-Band Update Critical vulnerabilities were patched in Adobe After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition. No reports of exploits in the wild, but good to fix before the hackers finish building them!

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Upgrade your Cisco IOS devices - critical vulnerability

ZDNet Cisco's warning: Critical flaw in IOS routers allows 'complete system... Cisco has delivered updates to address four critical flaws affecting its industrial routers. Mishandling of authorization tokens allows malicious API calls to run arbitrary commands on an IOS device: CVE-2020-3227 Not something we can patch for you unfortunately, but you should make sure to update your Cisco devices!

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Make sure to update Zoom to 5.0 by May 30th

Zoom Video Video Conferencing, Web Conferencing, Webinars, Screen Sharing Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room systems. Zoom Rooms is the original software-based conference... They’ve added new encryption and all meetings will required Zoom 5.0 starting tomorrow.

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

20 year anniversary of the ILOVEYOU virus

Do you remember where you were when you heard about it? CNN How a badly-coded computer virus caused billions in damage Wearing a striped shirt and Matrix-style dark glasses, Onel de Guzman stared at the floor as he made his way through a crowd of photographers into a hastily arranged press conference in Quezon City, a suburb of the Philippines capital Manila. Some of you younger whippersnappers will be too young to remember this one #getoffmylawn 🙂

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Man in the Middle Phone scam

https://krebsonsecurity.com/2020/04/would-you-have-fallen-for-this-phone-scam/ This one is genius because the scammer is on with both the bank and the customer at the same time, each pretending to be the other. That allows them to gain the trust of both parties and siphon off information that allows them to make transactions.

2 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Security Breach Disrupts Fintech Firm Finastra

https://krebsonsecurity.com/2020/03/security-breach-disrupts-fintech-firm-finastra/ Finastra supports a lot of banking firms, so potential for disruption to banking operations.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Two Trend Micro zero-days exploited in the wild by hackers

ZDNet Two Trend Micro zero-days exploited in the wild by hackers | ZDNet Patches for both zero-days were released on Monday, along with fixes for three other similarly critical vulnerabilities. We don’t patch Trend Micro (yet) but I wanted to spread the word so that you can make sure to apply their patches. One of the vulnerabilities lets an attacker delete any file on a compromised system. Remember to test your restores!

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Watch out for phishing attacks that make use of the coronavirus

WSJ Hackers Target Companies With Coronavirus Scams Criminals are using concerns about the coronavirus epidemic to spread infections of their own. They are forging emails mentioning the outbreak that appear to be from business partners or public institutions in an effort to get users to open the... Something to let your users know about. Given the anxiety around the virus, they might be more likely to open attachments or believe a phishing email that purports to be news from the CDC or your company about changes to WFH policies.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Let's Encrypt to revoke 3 million certificates on March 4 due to software bug

ZDNet Let's Encrypt to revoke 3 million certificates on March 4 due to software bug... Let's Encrypt issued 3,048,289 TLS certificates without checking the CAA field for the requesting domain. You should have received an email if one of your certs was affected, but you can always replace your certs just in case. They did say that some of the affected certs they didn’t have a good email contact for, so it’s possible that some of the affected people weren’t notified. Here’s their FAQ if you need more info: Let's Encrypt Community Support – 3 Mar 20 Revoking certain certificates on March 4 Due to the 2020.02.29 CAA Rechecking Bug, we unfortunately need to revoke many Let’s Encrypt TLS/SSL certificates. We’re e-mailing affected subscribers for whom we have contact information. This post and thread will collect answers to frequently... Reading time: 22 mins ? Likes: 275 ❤

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Check your Wordpress plugins

Some big zero days out there for some of them, including Duplicator, Profile Builder, Themegrill Demo Importer, Themerex Addons and more: ZDNet Hackers are actively exploiting zero-days in several WordPress plugins | ZDNet There's quite the WordPress p0wnage going on right now.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Report: New Android malware can steal 2FA codes from Google Authenticator

Android Authority – 27 Feb 20 Report: New Android malware can steal 2FA codes from Google Authenticator 2FA apps are one of the best ways to secure your accounts, but a new form of malware poses a significant threat. This is a nasty one - once it gets on your system it will relay 2FA codes allowing hackers to break into your other systems.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Details of 10.6 million MGM hotel guests posted on a hacking forum

This is from the MGM breach last year. The data from that hack was posted online recently, including full names, home addresses, phone numbers, emails, and dates of birth. ZDNet Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum... MGM Resorts said security incident took place last summer and notified impacted guests last year.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Krebs: Hackers Were Inside Citrix for Five Months

https://krebsonsecurity.com/2020/02/hackers-were-inside-citrix-for-five-months/ “Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.” Pretty crazy that they were inside for that long. The FBI were the ones who had to tell Citrix they’d bee pwned.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Critical Adobe Flaws Fixed in Out-of-Band Update

threatpost.com Critical Adobe Flaws Fixed in Out-of-Band Update Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder. Adobe After Effects and Adobe Media Encoder are affected.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Pay Up, Or We’ll Make Google Ban Your Ads

https://krebsonsecurity.com/2020/02/pay-up-or-well-make-google-ban-your-ads/ Google claims that they have systems to detect the fraudulent ad traffic, making the extortion threat empty. Then again Google has made their own bed by making it impossible to contact a human being who works there. It’s completely plausible that malicious actors could get your account banned and then there’s a kafkaesque process to get unbanned.

3 years ago

Nic-AutomoxFormer Automox Employee

posted in Security News

Equifax makes it harder to get your $125

theregister.co.uk Equifax is going to make you work for that 125 bucks it owes each of you: Biz... Millions likely to get kicked into credit monitoring deal Adding additional steps that they’re hoping people won’t bother to go through to get their money.

3 years ago

Page 5 / 8

Badge winners

schweeeeethas earned the badge Conversation Starter
Tom.Arilhas earned the badge Conversation Starter
AdamW-Automoxhas earned the badge Conversation Starter
randygarlandhas earned the badge Conversation Starter
dylanhas earned the badge Conversation Starter

Show all badges

Terms & Conditions Cookie settings

Sign up

Already have an account? Login

Username *

E-mail address *

Country *

Password *

I accept the terms & conditions

loginBox.register.email_repeat

Login to the community

No account yet? Create an account

Username or Email

Password

Remember me

Forgot password?

Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.

Username or e-mail

Back to overview

Scanning file for viruses.

Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.

This file cannot be downloaded

Sorry, our virus scanner detected that this file isn't safe to download.