Doug Olenick SC Media

Doug Olenick

Online Editor

Most recent articles by Doug Olenick

Microsoft’s Patch Tuesday addresses Zero Day vulnerabilities

Microsoft’s Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities. Among the most worrisome issues addressed with this round of updates is CVE-2018-8589, a Win32k elevation of privilege flaw that has been spotted in the wild affecting Windows 7, Server 2008 and Server 2008 R2. “This…

Adobe Patch Tuesday updates for Flash Player, Reader, Acrobat and PhotoShop

Adobe’s November Patch Tuesday security updates cover an important patch for Flash Player along with similarly rated patches for Acrobat, Reader and Photoshop. Flash Player 31.0.0.122 and earlier versions for Windows, macOS, Linux and Chrome OS have an out-of-bounds read vulnerability (CVE-2018-15978) that, if exploited, could lead to information disclosure. Adobe rated it a priority…

Google hit with IP hijack taking down several services

Google G Suite yesterday had much of its traffic re-routed through Russia and dropped at China Telecom, according to the network intelligence company Thousand Eyes. Thousand Eyes at this time reported Google was victimized by a Border Gateway Protocol (BGP) hijacking attack. Google confirmed there was an issue, but does not believe it was done intentionally.…

Automated Analysis: Answering the call for improved security in connected devices

By Brian Russell, chief engineer, VDOO

The line between physical and digital has blurred. Cyberattacks against digital assets have an effect on the physical world and increase risk exposure for both manufacturers and implementers. Security incidents such as the VPNFilter attack on the only Ukrainian chlorine plant for water treatment or the discovered vulnerabilities on…

Nordstrom data breach exposes employee information

High-end retailer Nordstrom is in the process of notifying its employees that their data may have been compromised in a breach. The Seattle Times reported that worker names, Social Security numbers, dates of birth, checking account and routing numbers, salaries and additional information are included in the breach notification, which is being sent by email or being…

Cryptomining malware using Windows Installer to remain hidden

The high return rate offered by cryptocurrency mining operations is encouraging cybercriminals to put extra thought into how to hide their mining malware so it can function for as long as possible before discovery. One such effort researched by Trend Micro, Coinminer.Win32.MALXMR.TIAOODAM, uses Windows Installer as its cloak of invisibility. Trend researchers Janus…

Hack the Air Force 3.0 takes off

The U.S. Air Force has again joined with HackerOne to roll out the third installment of its bug bounty program nicknamed Hack the Air Force 3.0. The program runs until Nov. 22 and is open to white hat hackers in 191 countries, making it the government’s largest bounty project to date, the Air Force said…

U.S. Cyber National Mission Force joins VirusTotal

The U.S. Cyber National Mission Force (CNMF) has started uploading malware samples to VirusTotal as part of its ongoing efforts to work more closely with the private sector. The Force, which is a sub-command of U.S. Cyber Command, on November 5 began sharing unclassified malware samples it has discovered that will have the greatest impact…

Lazarus FASTCash ATM attack details discovered

Symantec researchers have uncovered several crucial details behind how the cybergang Lazarus (AKA Hidden Cobra) has successfully conducted dozens of ATM hacks resulting in the machines literally spewing money out on the group’s command. The FBI and DHS have issued warnings on FASTCash. What was already known is that the bank robbers inject a malicious…
