Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Phishing campaign impersonates email alerts from DHS

An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday. “The email campaign uses a spoofed email address to…

Making a racket: LoudMiner malware cryptojacks VMs, comes bundled with pirated VST software

Malicious actors are attempting to infect computers running Tiny Core Linux virtual machines with an XMRig-based cryptominer that’s being bundled with pirated copies of Virtual Studio Technology (VST) software applications. Dubbed LoudMiner, the Monero-mining software first appeared in August 2018, and works by abusing virtualization software – QEMU on macOS machines and VirtualBox on Windows devices.…

Script fails, thousands of Mozilla developer emails and passwords possibly exposed

Firefox updates address takeover vulnerability

Mozilla released security updates to address a vulnerability in Firefox and Firefox ESR that could allow attackers to take control of an affected system. The vulnerability is rated critical and is actively being exploited in the wild. Mozilla called it “a type confusion vulnerability” that occurs when manipulating JavaScript objects due to issues in Array.pop.…

Ransomware attack on software company ResiDex may have exposed data on assisted-living residents, workers

Personal information belonging to residents and employees of multiple assisted living facilities were potentially exposed in an April 2019 cyberattack that infected third-party software company Tenx Systems, LLC with ransomware. The Minneapolis-based company, which operates under the name ResiDex Software and provides software to assisted-living homes, group facilities and care-giving organizations for seniors and the…

Samba security updates address Samba flaws that could be used to execute DoS attacks

The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward, which, if exploited, could be used to prompt a denial-of-service (DoS) attack. One vulnerability affecting the free software platform is a DoS in DNS management server bug,which could allow an authenticated user to crash…

Maryland governor goes on a cybersecurity rampage

Maryland Governor Larry Hogan signed an executive order designed to bolster the state’s cyber defenses in light of the devastating ransomware attack that recently struck Baltimore by creating several new cybersecurity departments and positions. The executive order creates the Maryland Cyber Defense Initiative which will manage the state’s ability to handle any consequences of a…

Who goes there?

A common theme that runs through successful books and movies is misdirection. Are the good guys really good and the bad guys really bad? Identity is everything. In the real world, you do not want to be the good guy who finds out at the end that your colleague or business partner was actually an…

Cybersecurity executive changes

June 19Karen O’Reilly Smith has been named chief security officer at Rackspace replacing Brian Kelly who retired. Smith previously served as chief information security officer international for Aetna/CVS. June 6Dan Hubbard was named CEO of Lacework after previously having been chief product officer, where he was responsible for driving innovation and expanding the company’s security…

645,000 Oregonians affected in previously disclosed Dept. of Human Services breach

Oregon’s Department of Human Services (DHS) is in the process of mailing notifications to roughly 645,000 of its reportedly 1.6 million clients, following a data breach incident last January that resulted from a phishing scam. When DHS first publicly disclosed the incident last March, it said the number of affected Oregonians exceeded 350,000, but it…

Next post in Data Breach