Cybersecurity News & Analysis | SC Media | Info Security News

Security News

VMware issues workarounds for Salt vulnerabilities in vRealize Operations Manager

VMware has issued workarounds for a pair of vulnerabilities that were earlier disclosed in Salt that directly affect VMware’s vRealize Operations Manager. The vulnerabilities, the critical CVE-2020-11651 and important CVE-2020-11652, impact the Application Remote Collector that was introduced with vRealize Operations Manager 7.5. The SaltStack project previously patched the issues in its own product, but…

Hollywood

REvil hackers extort law firm with Lady Gaga, Nicki Minaj, Elton John as clients

Cyberattackers have breached a high-profile entertainment and media law firm, infecting the practice with ransomware and stealing files that apparently pertain to its star clients, including Lady Gaga, Madonna, Elton John, Barbara Streisand, Bruce Springsteen, Mariah Carey and Mary J. Blige. A cyber analyst who requested anonymity provided SC Media with content posted on the…

First Look: Guardicore Infection Monkey version: 1.7

Company name: GuardicoreProduct name: Infection Monkey version: 1.7Email: [email protected]: https://www.guardicore.com/Basic Price: Free, Open SourceCustomer Support Offerings:  For questions, suggestions and guidance join the Infection Monkey​ community via the Slack channel https://infectionmonkey.slack.com/​.  Guardicore Infection Monkey source code is available for direct download at the ​GitHub​ repository https://github.com/guardicore/monkey. During past year there have been a flood of…

Thunderbolt ports vulnerable to hands-on hacks

A threat actor with just five minutes of direct access to a computer’s Thunderbolt port can steal encrypted data and clean out the device’s system memory due to seven specific security lapses in the Intel-developed port. The vulnerabilities, named Thunderspy, were brought to light by Björn Ruytenberg, a graduate student at the Eindhoven University of…

MobiFriends data on 3.6 million users available for download online

The leaked personal data of more than 3.6 million users registered on dating site MobiFriends was made all the more vulnerable because the site used the notoriously weak MD5 hashing. “It is always troubling to hear about passwords being stolen in a data breach, especially when the stolen passwords are hashed with MD5,which is infamous…

Tor network remains unsure how feds discovered and shut down Silk Road 2.0

COVID-19 inspires Nigerian scammers to launch waves of BEC campaigns

Nigerian cybercriminal actors are shamelessly exploiting the COVID-19 pandemic to infect government health care agencies, academic medical programs, medical publishing firms and more with malware, largely for the purpose of conducting Business Email Compromise operations. In a company blog post, researchers with Palo Alto Networks’ Unit 42 threat intelligence team have reported observing three prominent…

Scammers exploit interest in NBA finals to spread Facebook spam

Hacker hijacks Milwaukee Bucks star’s Twitter account, posts offensive trash talk

A malicious hacker reportedly hijacked the Twitter account of NBA star forward Giannis Antetokounmpo and riddled it with disparaging and offensive fake tweets about current and former players. The fake tweets used expletives and a racial slur, and even targeted L.A. Lakers legend Kobe Bryant, who tragically died in a helicopter crash earlier this year.…

Cisco pushes out almost three dozen security updates

Cisco released a batch of 34 security updates with 12 being rated as a high priority. Eight of the high-rated advisories impacting the company’s Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software while all of them involve the latter software product. A few of the more critical problems were CVE-2020-3187, a vulnerability…

Next post in Vulnerabilities