Sunday, October 22, 2017

RubyGems Patches Remote Code Execution Vulnerability

RubyGems patched an unsafe object deserialization vulnerability this week that could have allowed attackers to remotely execute code on vulnerable systems.

Microsoft Patches Office Bug Actively Being Exploited

Microsoft’s Patch Tuesday security bulletin includes 62 fixes for vulnerabilities tied to Office, SMB1 and the Windows DNS client.

Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

Global consulting firm Accenture is the latest giant organization leaving sensitive internal and customer data exposed in a publicly available Amazon Web Services S3 storage bucket.

Microsoft Patches Critical Windows DNS Client Vulnerabilities

Microsoft patched three memory corruption vulnerabilities in the Windows DNS client that could be abused by a man-in-the-middle attacker to run arbitrary code.

Porn Site Becomes Hub for Malvertising Campaigns

A popular porn site is used by KovCoreG Group to launch multiple malvertising campaigns exposing millions to fake browser updates and malware.

FormBook Malware Targets US Defense Contractors, Aerospace and Manufacturing Sectors

FormBook info-stealing malware has been part of two recent distribution campaigns and is being sold on the Dark Web for as little as $29 a week.

NFL Players, Agents Targeted in Database Extortion Attempt

Researchers uncover a misconfigured Elasticsearch database, exposing data tied to NFL players and their agents.

Security Industry Failing to Establish Trust

During the Virus Bulletin closing keynote, Brian Honan urged the security industry to share more, victim-shame less and work harder to establish trust.

Emergency Apple Patch Fixes High Sierra Password Hint Leak

Apple rushed out an emergency patch that fixed a bug in High Sierra that revealed APFS volume passwords via the password hint feature.

US Top Law Enforcement Calls Strong Encryption a ‘Serious Problem’

U.S. Deputy Attorney General and other top cyber policy makers warn the use of strong encryption hobbles law enforcement’s ability to protect the public and solve crimes and is a serious problem.

Latin American ATM Thieves Turning to Hacking

Thieves in Latin American countries are turning to Eastern European hackers to build ATM malware from scratch, according to a Virus Bulletin talk by researchers at Kaspersky Lab.

Inside the CCleaner Backdoor Attack

Two members of Avast's threat intelligence team shared new information about the CCleaner backdoor attack.