Discuss the latest breaches and security news
February 2020 Patch Tuesday
Adobe and Mozilla have released updates for multiple products. Microsoft updated a previously released security advisory containing vulnerabilities in Microsoft Edge based on Chromium. We’re expecting Microsoft’s full releases anytime now. You can use the patch index and Patch Tuesday central below to stay updated on all releases throughout the day! See anything interesting so far? go.automox.com Automox Patch Tuesday - Rapid Response Center | Cyber Security Every patch Tuesday, speed is your biggest advantage for ensuring the cyber security of your infrastructure. It’s a race to harden your endpoints before adversaries exploit these new vulnerabilities. blog.automox.com February 2020 Patch Tuesday Index For the latest Patch Updates from Microsoft and third-party vendors, bookmark the Automox February 2020 Patch Tuesday Index, updated live throughout the day.
Android owners – you'll want to get these latest security patches, especially for this nasty Bluetooth hijack flaw
theregister.co.uk Android owners – you'll want to get these latest security patches, especially... 'Pwned with a broadcast' bug among 25 to be patched by Google The flaw lets arbitrary code be run through the Bluetooth module, so get this one patched asap! Advisory here: https://source.android.com/security/bulletin/2020-02-01.html
Chrome 80 Released With 56 Security Fixes, Cookie Changes, More
BleepingComputer Chrome 80 Released With 56 Security Fixes, Cookie Changes, More Google has released Chrome 80 today, February 4th, 2020, to the Stable desktop channel for the Windows, macOS, Linux, Chrome OS, iOS, and Android platforms with bug fixes, new features, and 56 security fixes. 56 security fixes in here, some of them high, so make sure you patch!
Wawa card breach may rank as one of the biggest of all times
ZDNet Wawa card breach may rank as one of the biggest of all times | ZDNet Hackers put the card details of more than 30 million Wawa customers on sale online. Looks like a bunch of us will be getting new credit/debit card numbers. Apparently the black market price for a credit card is $17. Wawa is claiming that no CVV2 info was included, but that is contradicted by journalists who obtained a sample that did include CVV2 numbers.
New 'CacheOut' attack targets Intel processors, with a fix arriving soon
Another day, another CPU attack: PCWorld New 'CacheOut' attack targets Intel processors, with a fix arriving soon Researchers claim that the latest side-channel exploit against Intel processors can be used to leak a targeted set of data, rather than just a random bunch of bytes. Affects all Intel CPUs but not AMD. Fix coming “soon”
Ransomware that leaks your data if you don't pay up
BleepingComputer Maze Ransomware Not Getting Paid, Leaks Data Left and Right Maze ransomware operators have infected computers from Medical Diagnostic Laboratories (MDLab) and are releasing close to 9.5GB of data stolen from infected machines. I hadn’t heard of this approach before. Looks like the Maze ransomware folks are threatening to release almost 10GB of data if the victim doesn’t pay up. On the plus side, at least you can get your data back from the leak 🙂
Microsoft discloses security breach of customer support database
ZDNet Microsoft discloses security breach of customer support database | ZDNet Five servers storing customer support analytics were accidentally exposed online in December 2019. Info in the database included email addresses, IP addresses and support case details (which could contain further sensitive information). Microsoft is notifying affected customers today, so be on the lookout for an email in case you were one of the unlucky 250M entries in the database.
It's gonna be a big Patch Tuesday
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ Speculation is that it will be an update to crypt32.dll, the module that handles all certificate and cryptographic functions. Make sure to get all the news and analysis here: go.automox.com Webinar: Automating Patch Tuesday: January 2020 Join Richard Melick for a review of the first Patch Tuesday of 2020. He'll discuss Microsoft's updates, third-party security patches, and tips for automatically protecting your infrastructure from these vulnerabilities.
What not to buy on Cyber Monday
USA TODAY Beware gifts bearing 'backdoors' and other security vulnerabilities this... Don't be fooled by the discounts these companies offer. The cost to your privacy could be much greater than you bargained for. TL;DR - avoid Huawei, Lenovo, Lexmark & GoPro Any other brands you avoid buying due to security concerns?
New trend for ransomware - MSP is the vector
I’ve heard of a couple like this now: BleepingComputer Sodinokibi Ransomware Hits New York Airport Systems Albany International Airport staff announced that the New York airport's administrative servers were hit by Sodinokibi Ransomware following a cyberattack that took place over Christmas. Your MSP is like a toddler in kindergarten - they get exposed to all the germs!
Watch out for Iranian hackers
StateScoop – 6 Jan 20 MS-ISAC cautions of cyberattacks following death of Iranian general | StateScoop Though based on no specific credible cyberthreat, an advisory warns state and local governments to be especially vigilant after the death of Qassem Soleimani. We’ve seen a spike in traffic from Iran this week - anyone else seeing that in your analytics?
Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo or Google Home
Wired Hackers Can Use Lasers to ‘Speak’ to Your Amazon Echo By sending laser-powered “light commands” to a smart assistant, researchers could force it to unlock cars, open garage doors, and more. I’d heard of lasers to record conversations from window vibrations, but this is going in the other direction. Make sure your home devices aren’t visible through a window!
The Hidden Cost of Ransomware: Wholesale Password Theft
https://krebsonsecurity.com/2020/01/the-hidden-cost-of-ransomware-wholesale-password-theft/ Krebs points out that once hackers breach your network, they are going to slurp up any and all credentials they can find, including browser-stored passwords and password managers. They’ve even automated the process: CIS Security Primer - TrickBot TrickBot is a modular banking trojan that uses man-in-the-browser attacks to target user financial information and act as a dropper for other malware.
Smart camera maker Wyze hit with customer data breach
CNN Smart camera maker Wyze hit with customer data breach Wyze Labs, which makes smart cameras and connected home gadgets, has confirmed databases holding millions of customers' information were exposed to the public. Looks like this breach was a BOGO special, with two breaches to two separate databases. And if you think you’re safe because you use Ring instead of Wyze, they just had a breach as well.
Microsoft Updates November Security Updates with SharePoint Bug
threatpost.com Microsoft Issues Out-of-Band Update for SharePoint Bug An attacker could exploit CVE-2019-1491 to obtain sensitive information that could be used to mount further attacks. There’s some confusion as to whether this is an out-of-band update or whether it just got left off the list for Patch Tuesday. Either way, this one has a severity of Important so patch your SharePoint (if you’re one of the poor people stuck using it).
Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools
BleepingComputer Snatch Ransomware Reboots to Windows Safe Mode to Bypass AV Tools Researchers discovered a new Snatch ransomware strain that will reboot computers it infects into Safe Mode to disable any resident security solutions and immediately starts encrypting files once the system loads. Clever trick to get around some AV software. Sophos’ recommendation is to make sure you don’t expose any RDP services outside of your network, for which we have a handy worklet.
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
theregister.co.uk Atlassian scrambles to fix zero-day security hole accidentally disclosed on... Exposed private cert key may also be an issue for IBM Aspera Probably explains the outage yesterday, while they were getting this fixed.
Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions
BleepingComputer Dozens of VNC Vulnerabilities Found in Linux, Windows Solutions Researchers found a total of 37 security vulnerabilities impacting four open-source Virtual Network Computing (VNC) implementations and present for the last 20 years, since 1999. No exploits yet, so these are theoretical for now. The research was done by Kaspersky, so take with however many grains of salt you need. Still, worth taking a look at what VNC solutions you might be using in your environment.
Linux, Windows Users Targeted With New ACBackdoor Malware
BleepingComputer Linux, Windows Users Targeted With New ACBackdoor Malware Researchers have discovered a new multi-platform backdoor that infects Windows and Linux systems allowing the attackers to run malicious code and binaries on the compromised machines. Another cross-platform malware - this time Linux and Windows only.
PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS
Interesting that it can work across OS platforms: BleepingComputer PureLocker Ransomware Can Lock Files on Windows, Linux, and macOS Cybercriminals have developed ransomware that can be ported to all major operating systems and is currently used in targeted attacks against production servers. It’s reusing code from the More_Eggs ransomware kit and it appears that the people behind PureLocker are going after financial institutions. The reason it’s cross-platform is because they’re using PureBasic, whose binaries are designed to run across Mac, Windows & Linux. In addition, PureBasic binaries are proving to be a problem for AV detection. Here’s the analysis from the researchers that goes into more technical details: https://www.intezer.com/blog-purelocker-ransomware-being-used-in-targeted-attacks-against-servers/
Update Your QNAP NAS Box Right Now to Block 'QSnatch' Malware
Lifehacker Update Your QNAP NAS Box Right Now to Block 'QSnatch' Malware I’m going to go ahead and pat myself on the back for setting up a Google Alert for the words “Qnap” and “malware.” I use one of the company’s NAS boxes, as do many others, and now I have a chance to inoculate my device against a nasty new strain of... There’s a new malware named QSnatch that targets QNAP devices. They do have updates to protect against it, and installing those would be a good Friday task!
Ubiquiti turns on data telemetry with no warning to customers
theregister.co.uk Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti.... You didn't ask for it, we didn't tell you about it, but hey, it clears GDPR so what you gonna do? Anyone else concerned about this one? Do you use Ubiquiti in your environment?
NVIDIA Fixes Security Flaws in GPU Driver, GeForce Experience
BleepingComputer NVIDIA Fixes Security Flaws in GPU Driver, GeForce Experience NVIDIA released security updates to fix 12 high and medium severity vulnerabilities in the Windows GPU display driver and the NVIDIA GeForce Experience (GFE) software. If you use an Nvidia GPU, make sure to update both the drivers and the GeForce Experience (if you use it). We’re looking into creating a worklet to automate the remediation if you have a lot of machines that need remediation.