By Kevin Townsend on August 18, 2017 This month’s Microsoft patch updates include one particular vulnerability that is raising concerns: CVE-2017-8620, which affects all versions of Windows from 7 onwards. Microsoft explained, “in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of… Continue reading Patching Against the Next WannaCry Vulnerability (CVE-2017-8620)
Secret chips in replacement parts can completely hijack your phone’s security
Booby-trapped touchscreens can log passwords, install malicious apps, and more. Dan Goodin (US) – 18/8/2017 People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops contain secret hardware that completely hijacks the security of the device. The… Continue reading Secret chips in replacement parts can completely hijack your phone’s security
Inside the Kronos malware – part 1
18th August 2017 by Malwarebytes Labs Recently, a researcher nicknamed MalwareTech famous from stopping the WannaCry ransomware got arrested for his alleged contribution to creating the Kronos banking malware. We are still not having a clear picture whether the allegations are true or not – but let’s have a look at Kronos itself.… Continue reading Inside the Kronos malware – part 1
Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight
18th August 2017 Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary data from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about… Continue reading Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight
Hacker Releases iPhone 5s Secure Enclave Decryption Keys
August 17th, 2017 By Rafia Shaikh A hacker has claimed to have “hacked” into iPhone’s Secure Enclave. Going by the online moniker of Xerub, the security researcher has released what he claims to be a full decryption key for the Secure Enclave Processor (SEP) for Touch ID. Apple introduced Touch ID with its… Continue reading Hacker Releases iPhone 5s Secure Enclave Decryption Keys
US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records
August 17th, 2017 By Dell Cameron A leading US supplier of voting machines confirmed on Thursday that it exposed the personal information of more than 1.8 million Illinois residents. State authorities and the Federal Bureau of Investigation were alerted this week to a major data leak exposing the names, addresses, dates of… Continue reading US Voting Machine Supplier Leaks 1.8 Million Chicago Voter Records
Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps
August 17th, 2017 By Catalin Cimpanu It was to be expected that Android banking trojan operators would eventually set their sights on ride-hailing applications, considering that these apps work with a user’s financial data on a daily basis. Mobile banking trojans work by watching when users open an app and displaying a… Continue reading Banking Trojans Set Their Sights on Taxi and Ride-Hailing Apps
Microsoft Security Update Minor Revisions Issued: August 16, 2017
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 ******************************************************************** Title: Microsoft Security Update Minor Revisions Issued: August 16, 2017 ******************************************************************** Summary ======= The following CVE has been revised in the July 2017 Security Updates. * CVE-2017-8607 Revision Information: ===================== CVE-2017-8607 – Title: CVE-2017-8607 | Scripting Engine Memory Corruption Vulnerability… Continue reading Microsoft Security Update Minor Revisions Issued: August 16, 2017
RCE Vulnerability Affecting Older Versions of Chrome Will Remain Unpatched
17th August 2017 By Catalin Cimpanu A remote code execution vulnerability affects older versions of the Google Chrome browser, all except the current version — Chrome 60. The flaw was discovered by a security researcher who wanted to remain anonymous and reached out to the Beyond Security’s SecuriTeam Secure Disclosure program to… Continue reading RCE Vulnerability Affecting Older Versions of Chrome Will Remain Unpatched
TunnelBear Completes Industry-First Consumer VPN Public Security Audit
The TunnelBear Team 7th August 2017 Consumers and experts alike have good reason to question the security claims of the VPN industry. Over the last few years, many less reputable VPN companies have abused users’ trust by selling their bandwidth, their browsing data, offering poor security or even embedding malware. Being within… Continue reading TunnelBear Completes Industry-First Consumer VPN Public Security Audit