Experienced cybersecurity leaders are beginning to call for a move from reactive detection to proactive prevention. It’s clear that the need to get ahead of the cybersecurity curve is real. Over the past decade, experts talked about the number of days that malware is in your system, and now the discussion is fast becoming how…
A Georgia court gave final approval for Equifax’s $380.5 settlement in response to a class action suit brought for the September 2017 data breach that exposed the PII of 148 million customers. Judge Thomas W. Thrash of the Northern District of Georgia ordered Equifax to place the money in a fund from which victims can…
The Australian P&N Bank reported a data breach that exposed detailed and sensitive financial information on an unspecified number of customers. Access was gained on December 12 to the bank’s customer relationship management system, which is operated by a third-party hosting firm, was undergoing an upgrade. Details on how it was accessed were not revealed,…
The Canadian online pharmacy PlanetDrugsDirect is notifying customers of a data breach that exposed both payment and personal health insurance. In an email obtained by Bleeping Computer the bargain online retailer said exposed data could include name, address, email, phone number, medical information (including prescription) along with payment card data. The company does not believe…
Normally the U.S. Army would not tout the success of an attacker, but in the case of Hack the Army 2.0 bug bounty program the service proudly announced 146 vulnerabilities were found. The platoon-sized unit of white hat hackers, 52 individuals, found the valid vulnerabilities while investigating 60 publicly accessible Army websites, including army.mil, .goarmy.mil,…
Two new batches of malicious apps have been found on the Google Play store with one group possibly having been downloaded hundreds of millions of times and the other having the ability to dodge Google vetting system. Sophos and Bitdefender have each reported the apps they discovered used well-worn tricks, including actually working, in order…
VMWare issued a single security advisory and patch for a vulnerability in its Tools product. The flaw, CVE-2020-3941, affects VMware Tools for Windows version 10.x.y and can be mitigated by updating to version 11.0. The vulnerability, rated as important, is a race condition that can be exploited enabling an unauthorized person from escalating their privileges…
Intel’s January 2020 security update included six items with one rated high, four medium and one as a low priority. The most important vulnerability is CVE-2019-14613 affecting Intel’s VTune Amplifier for Windows and if left unpatched and exploited can allow escalation of privilege. An update fixing the problem has been posted. The medium CVE-2019-14615 affects…
Adobe’s January Patch Tuesday security update contains five critical patches for Illustrator CC and four non-critical vulnerabilities for Adobe Experience Manager. Two versions of Illustrator CC are covered in this release, 24.0 and 24.0.2 24.0, being impacted by the critical-rated CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714. All are memory code issues and can lead to…
Microsoft reportedly acted on an NSA warning creating and issuing a secret out-of-band patch to the military and other high-value targets fixing CVE-2020-0601, a vulnerability affecting a core cryptographic component present in all versions of Windows. Published reports stated that the NSA informed Microsoft of the vulnerability and this knowledge enabled Microsoft to quickly fix…
