Cybersecurity News & Analysis | SC Media | Info Security News Security News

Security News

VMware advisory warns users to patch critical issue in product

VMWare updates Tools fixing race condition

VMWare issued a single security advisory and patch for a vulnerability in its Tools product. The flaw, CVE-2020-3941, affects VMware Tools for Windows version 10.x.y and can be mitigated by updating to version 11.0. The vulnerability, rated as important, is a race condition that can be exploited enabling an unauthorized person from escalating their privileges…

APT40 hacking group linked to 13 alleged front companies in Hainan, China

The mysterious research group Intrusion Truth has unleashed a new series of reports claiming that 13 businesses based in the southern island province of Hainan, China are collectively a front for reputed Chinese state-sponsored hacking group APT40. The alleged front companies all purport to be science and technology businesses seeking to hire pen testers, software development…

Intel patches six security issues

Intel’s January 2020 security update included six items with one rated high, four medium and one as a low priority. The most important vulnerability is CVE-2019-14613 affecting Intel’s VTune Amplifier for Windows and if left unpatched and exploited can allow escalation of privilege. An update fixing the problem has been posted. The medium CVE-2019-14615 affects…

Adobe rolls out a light Patch Tuesday offering

Adobe’s January Patch Tuesday security update contains five critical patches for Illustrator CC and four non-critical vulnerabilities for Adobe Experience Manager. Two versions of Illustrator CC are covered in this release, 24.0 and 24.0.2 24.0, being impacted by the critical-rated CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714.  All are memory code issues and can lead to…

National Security Agency

NSA reveals to Microsoft critical Windows 10 flaw

Microsoft reportedly acted on an NSA warning creating and issuing a secret out-of-band patch to the military and other high-value targets fixing CVE-2020-0601, a vulnerability affecting a core cryptographic component present in all versions of Windows. Published reports stated that the NSA informed Microsoft of the vulnerability and this knowledge enabled Microsoft to quickly fix…

Nemty ransomware makers may be latest to adopt data leak strategy

Following in the footsteps of Maze and Sodinokibi, it appears the makers another malicious encryption program plans to adopt the tactic of publishing data that’s been exfiltrated from targets. According to a BleepingComputer report, Nemty ransomware developers posted on a news feed in its affiliate panel that it intends to create a website where they…

Russia’s Fancy Bear successfully hacked Burisma during impeachment probe

As the House Intelligence Committee held impeachment hearings last fall, members of the Russian GRU, known as Fancy Bear, successfully hacked Burisma, the Ukrainian energy company at the center of the impeachment investigation. In an echo of the 2016 presidential election cycle where Russian hackers pilfered and released damaging emails on then candidate Hillary Clinton…

iPhone's are also susceptible to hacking.

Barr pushes Apple for additional help unlocking Pensacola gunman’s iPhone

Declaring a shooting last fall at a Pensacola naval base a terrorist act, Attorney General William Barr struck a familiar chord – pressing Apple for help unlocking iPhones associated with the investigation of the incident. Barr assailed the phone maker for not having “given any substantive assistance” as authorities try to obtain data on two damaged…

Next post in Security News