Millie
your market intelligence analyst
Search Results
Edit Save
318 results
Tech-Wreck InfoSec Blog 10/16/2020 07:46
Adobe Patch Addresses Flaw in Flash Player (10/13/2020) has released a new security for Adobe Flash Player for Windows, macOS, Linux, and Chrome OS. The updates address a critical vulnerability in Adobe Flash Player that could lead to an exploitable crash, potentially resulting in arbitrary code execution in the context of the current user. The company notes that "Exploitation of CVE-2020-9746 requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL." The company says that the vulnerability is not actively exploited. Cyber Command Says to Apply New Microsoft Patch Now (10/13/2020) released patches for 87 flaws in this month's , including one that the US Cyber Command says should be addre.
Tech-Wreck InfoSec Blog 10/16/2020 07:45
240 Android Apps Found Displaying Out of Context Ads (10/12/2020) At least 240 malicious Android apps have been inundating people with irrelevant ads, according to . The out of context ads appear to come from popular applications and social media platforms including YouTube and Chrome but are actually from an assortment of apps the researchers have dubbed "RAINBOWMIX." Many of the apps are Nintendo (NES) emulators taken from legitimate sources or low-quality games and had more than 14 million downloads and as many as 15 million ad impressions per day, generating a daily haul of about $150,000. The researchers say the hackers behind the campaign used packers - software that can reserve a bit of space and obfuscate the final payload - to bypa.
Tech-Wreck InfoSec Blog 10/09/2020 09:12
Comcast's X1 Remote Used in Listening Hack (10/07/2020) 's Xfinity X1 voice remote was apparently used to remotely record users' conversations by a security research team, reported. The organization in question, Guardicore Labs, was reportedly able to exploit a weakness in the firmware patching process used on the remote to wirelessly install a malicious software package that made it possible to use the remote's built-in microphone to stealthily listen in from as much as 65 feet away. The team also believes even longer distances could be managed if a more powerful antenna were used in the process. Thankfully for Comcast subscribers, the security flaw was already patched before Guardicore's study was made public. However, the possibility of
Tech-Wreck InfoSec Blog 10/09/2020 09:11
CISA Finds New SlothfulMedia RAT Affecting Russia, India, Other Countries (10/05/2020) The US Cybersecurity and Infrastructure Security Agency () is warning that a new remote access trojan (RAT) labeled SlothfulMedia has been detected in attacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia, and Ukraine.
Tech-Wreck InfoSec Blog 10/09/2020 09:09
Global Ransomware Attacks Up 50% in Third Quarter. (10/06/2020). Research issued saying that ransomware claims a new victim every 10 seconds with the daily number of attacks increasing by 50 percent in the past three months alone. The number of attacks in the US has nearly doubled (a 98.1 percent increase), making it the number one most targeted country. Other countries in the top five for the year's third quarter are India (with attacks up 39.2 percent), Sri Lanka (with a 436 percent increase), Russia (up 57.9 percent), and Turkey (up 32.5 percent). The research also details cybercriminals' latest tactic of extracting large quantities of sensitive information prior to encrypting the victim's files and threatening to publish the information u.
Tech-Wreck InfoSec Blog 10/02/2020 06:40
Alien Trojan Affects More Than 200 Android Apps. (09/28/2020). A relatively new and barely known Android malware that has remote access trojan (RAT), notification stealing, and authenticator-based 2FA theft capabilities has recently been uncovered. Named , this new strain has been active since the start of the year and is has been available as a Malware-as-a-Service (MaaS) offering on underground hacking forums. Researchers at say Alien is a fork of the now discontinued Cerberus first variant, whose customers seem to be switching to Alien, making it the prominent new MaaS for fraudsters. To date, the researchers have found at least 226 Android applications that were targeted with fake login pages. Most of these were aimed at online banking ap.
Tech-Wreck InfoSec Blog 09/25/2020 09:46
Decade Old MS Office E-Mail Bug Being Revived. (09/21/2020). A Office e-mail vulnerability affecting versions dating back to 2007 has seen a rapid uptick in the second quarter of 2020 as threat actors attempt to exploit it for malware purposes. Malware detection analysis by shows that targeted attempts to exploit the memory corruption issue CVE-2017-11882 in Microsoft Office (2007-2016) went up by 400 percent in the first quarter of the year. The analysis indicates that the growing trend does not seem to be improving any time soon. NordVPN digital privacy expert Daniel Markuson says, "The malware targeting a decade-old MS Office vulnerability must have been under the radar, as it has been spreading through emails for three years now." The mem.
Tech-Wreck InfoSec Blog 09/25/2020 09:45
Bing Mobile App Database Exposed with 6.5TB of Info. (09/22/2020). An open server with more than 6.5TB of data from users of the Bing search engine app was victim of a Meow attack, . A Meow attack is an automated infiltration of an open server that aims to delete all or a large portion of the data. This Meow attack deleted nearly the entire database. Both iOS and Android versions of the search app were exposed in an initial attack that took place from September 10 to 12. A second attack from the same group occurred on the 14th, and WizCase says that the server may have been exposed to other attackers and scammers as well. Information such as search terms, device details, and GPS coordinates were part of the database, and the researchers specu.
Tech-Wreck InfoSec Blog 09/25/2020 09:44
179 Arrested for Drug Selling through the Dark Web. (09/22/2020). Law enforcement agencies in the US and Europe broke up cybercriminal operations that used the Dark Web to traffic narcotics and opioids. Operation DisrupTor, named after the Tor private Web browser that is frequently used to access Dark Web sites, resulted in the arrests of 179 individuals in the US, Germany, and five other nations as well as the seizure over $6.5 million in cash and virtual currencies; approximately 775 kilograms of drugs including fentanyl, oxycodone, hydrocodone, methamphetamine, heroin, cocaine, ecstasy, MDMA, and medicines containing addictive substances; and 63 firearms. According to a US Department of Justice , the suspects were identified through vendor.
Tech-Wreck InfoSec Blog 09/18/2020 15:44
MS-SQL Databases Targeted by New Cryptominer. (09/16/2020). Cryptomining malware has been found burrowing into Microsoft SQL (MS-SQL) servers, affecting thousands of databases in recent months. reports that researchers from Tencent technologies have named the malware MrbMiner after a domain used by the attackers to host their malware. After identifying a MS-SQL server on the Web, the botnet will make repeated brute force attacks trying weak passwords. Once access is gained, a backdoor is created to allow future entry. Connecting to a command and control server, the attackers can then download an app that mines the Monero cryptocurrency using local server resources and generate Monero coins into the hackers' accounts. ZDNet says that Tencent h.
Tech-Wreck InfoSec Blog 09/18/2020 15:43
Bug in Staples Order Tracking System Leads to Data Breach. (09/16/2020). Some online customers of the office supply chain received notices of a data breach that may have exposed personally identifiable information. The cause of the breach was a combination of a poorly designed ordering system and unpatched Pulse Secure VPN servers, according to . Given that Staples' order numbers are assigned sequentially, adding or subtracting from a valid order ID would show information for a different customer. Using the zip code for that package, the hackers were able to access customer names and addresses, the credit card's last four digits and its type, phone numbers and e-mail addresses, and the customer's order history. No indication was given as to t.
Tech-Wreck InfoSec Blog 09/18/2020 15:41
Louisiana Court Documents Revealed in Ransomware Incident. (09/14/2020). The Fourth Judicial Court of Louisiana has been victimized by a ransomware attack that resulted in the exposure of court documents. says that the Conti ransomware strain was employed, and a note left on computers features code similar to that used by the Ryuk crypto-malware family. Documents posted on the Dark Web said to be from the court include responsive verdicts for a second-degree kidnapping, an armed robbery, and a case of aggravated rape. Following an initial denial of an attack by a courtroom staffer, Chief Judge Danny Ellender acknowledged the breach, noting that the incident was limited to the Court only and did not impact the Clerk of Court offices, where all.
Tech-Wreck InfoSec Blog 09/11/2020 08:28
Adobe Addresses 18 Security Holes in September Update. (09/08/2020). 's monthly includes patches for 18 vulnerabilities to its Adobe Experience Manager (AEM), FrameMaker for Windows, and InDesign for macOS packages. Among the AEM issues are cross-site scripting (XSS) vulnerabilities that could be exploited to execute JavaScript code in a browser and an HTML code injection issue. Adobe says it is not aware of any attacks exploiting these vulnerabilities. Bluetooth Devices Open to BLURtooth Vulnerability (09/09/2020) Researchers at the école Polytechnique Fédérale de Lausanne (EPFL) and Purdue University have independently identified a vulnerability affecting devices that support the Bluetooth BR/EDR and LE transport methods. According to a rep.

Personal Care

Household Products

Business Issues

Trends

Companies - Public

Companies - Venture Funded

Information Technologies

Regions

Job Titles