Cybersecurity News & Analysis | SC Media | Info Security News

Security News

‘Old Phantom Crypter’ supplants older Microsoft Office exploit builder tools

By

Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to…

Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients

By

Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in…

Google Play announces 2019 malicious app crackdown

By

Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…

Coffee Meets Bagel daters credentials among 617M records for sale on Dream Market cyber-souk

By

Those looking for love on Coffee Meets Bagel before May 2018 may have gotten more exposure than they were bargaining for – the online dating site confirmed on Valentine’s Day that it had been breached and that daters’ personal information may have been “acquired by an unauthorized party.” “Receiving an email from a dating app…

Report describes Scarlet Widow romance cyber scam

A new report about a Nigeria-based cybercrime ring describes in detail how lonely targets are emotionally preyed upon and in some cases bilked of their life savings through romance scams. Citing data from the Better Business Bureau, Agari Cyber Intelligence Division (ACID) reports such scams have led to personal losses of nearly $1 billion in…

Mozilla Foundation issues Firefox updates

By

Mozilla Foundation has issued security advisories for several vulnerabilities in Firefox ESR 60.5.1 and Firefox 65.0.1. The updates patch a use-after-free in skia flaw, an integer overflow in Skia flaw, and a buffer overflow in Skia with accelerated Canvas 2D vulnerability in Firefox ESR 60.5.1, all of which are rated high. The buffer overflow flaw…

No news on if Iran will retaliate yet...

Defector/ex-U.S. spy charged with aiding Iranian cyberattack plan

By

A U.S. counterintelligence agent specializing in Middle Eastern affairs, who defected to Iran in 2013, was indicted by a federal grand jury for conducting espionage on behalf of her adopted country. Monica Elfriede Witt, an American citizen who served in the U.S. Air Force Office of Special Investigations from 1997 until 2008, was charged with…

Xiaomi electric scooter vulnerability allows remote hacks

By

The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation. The scooters are enabled with Bluetooth access which allows the user to interact with the scooters for multiple features including its  Anti-Theft System, Cruise-Control,…

Cisco Network Assurance Engine (NAE) contains password vulnerability

By

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…

Gov. Newsom proposes ‘data dividend’ for Calif. consumers

By

California May have some of the strictest data privacy and security laws on the books, but Gov. Gavin Newsom has floated a “new data dividend” that would compel Google, Facebook and the like to pay consumers in the state who choose to share their data. Noting that tech companies make billions from collecting and using…

Next post in Security News