Cybersecurity News and Product Reviews | SC Media

4M applications for youth org internships exposed

An unprotected Elasticsearch database exposed at least four million “opportunity applications” for internships at AIESEC, billed as “the world’s largest youth-run organization” with more than 100,000 members in 127 countries. SecurityDiscovery.com researcher Bob Diachenko found the information, which included email addresses, full names, birth dates and gender as well as an in-depth description of…

Downloads of cracked software distribute ransomware via adware bundles

Websites offering cracked versions of popular software programs have recently been serving up adware bundles that secretly deliver a variant of STOP ransomware. According to a pair of reports from Bleeping Computer founder Lawrence Abrams, the scheme came to light in December 2018 with the appearance of the malicious encryptor “Djvu” – so named because…

Abuse.ch takes down 100K malware distribution sites in 10 months

Abuse.ch, a Swiss non-profit threat-sharing organization, announced that its platform has managed to take down 100,000 malware distribution sites in 10 months in a recent project that consisted of sharing malicious URLs used for distribution. Abuse.ch’s URLhaus project was launched last year to collect malicious URLs by allowing anyone to sign up with a Twitter account to report…

Adobe releases third update in less than a month

Adobe today announced security updates for vulnerabilities in its Experience Manager product that could result in sensitive information disclosure. The updates address a Moderate-rated reflected cross-site scripting vulnerability and an Important-rated stored cross-site scripting vulnerability in Adobe Experience Manager version 6.0 through version 6.4 across all platforms, according to a Jan. 22…

Critical vulnerability issued for Cisco switches

Cisco has revealed a critical-rated vulnerability in its small business switches software that, if exploited, can allow a remote attacker to bypass the device’s user authentication mechanism. The vulnerability in version 1.4.9.04 of the Cisco software exists because, under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system.…

ACLU demands Justice Dept. reveal facial recognition tech use

The American Civil Liberties Union (ACLU) and ACLU of Massachusetts are demanding the Justice Department reveal how the FBI and other federal law enforcement agencies are using facial recognition technology. The rights organization has filed a Freedom of Information Act (FOIA) request to compel the department about the use of the technology “and what safeguards,…

French privacy regulator fines Google $57M for GDPR violation

French regulators hit Google with a $57 million fine for violating GDPR rules that took effect last May by being less than upfront about how user data is collected and used. French data privacy agency CNIL levied the fine, the first against a U.S. company since GDPR took effect last spring, noting that Google “Essential…

Researchers find Telegram bot chatter is actually Windows malware commands

Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands. Forcepoint researchers discovered what they described as a “fairly simple” year-old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.…

Google Play boots fake apps that spy on devices’ motion sensor data before dropping Anubis malware

A fake currency converter and a phony battery utility program are among the latest fraudulent apps to be expunged from Google Play, according to researchers who discovered they were infecting users with a version of the Anubis banking malware family. Both fraudulent apps employ a crafty technique to determine whether it is safe for them…
