Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Microsoft repairs 59 software bugs on a ‘quiet’ Patch Tuesday

Microsoft Corporation today released its latest batch of security updates, fixing 59 vulnerabilities, nine of them critical. Four of the critical flaws consisted of memory corruption bugs that can surface when the Chakra scripting engine handles certain objects in memory in the Microsoft Edge web browser (CVE-2019-1366, CVE-2019-1307, CVE-2019-1308 and CVE-2019-1335). These flaws can be…

mobile security

Kernel privilege escalation bug actively exploited in Android devices

Researchers have discovered a zero-day kernel privilege escalation bug that can result in the full compromise of certain Android devices and is apparently being exploited in the wild. Devices known to be affected by the high-level, use-after-free vulnerability include the Pixel 1, 1X:, 2 and 2 XL; the Huawei P20; the Xiaomi Redmi 5A; the…

Users are the target: How employees can be the strongest line of defense

One might think that stopping malware, phishing, and a whole host of email-borne attacks was akin to stopping rain during a hurricane or snow during a blizzard. It is ubiquitous and relentless. And despite promising advances in technology, so much malware still gets through cyberdefenses that the proverbial last line of defense, the end user,…

Analyst says insider threat mainly down to lack of understanding

Former Yahoo! engineer pleads guilty to using access to nick pics of women

Reyes Daniel Ruiz, a former Yahoo! software engineer, has pleaded guilty to using his access privileges at the company to hack users’ accounts so that he could download private images and videos mostly belonging to young women. A 10-year veteran of Yahoo!, Ruiz admitted to accessing around 6,000 accounts and storing the pilfered files at…

DCH Health System pays ransomware attackers in bid to restore operations

OCT. 12 UPDATE: On Oct. 10, DCH lifted its diversion protocol and began accepting all patients again in its Emergency Departments. Outpatient imaging for DCH Regional Medical Center and Northport Medical Center resumed normal operations on Oct. 11. DCH continues to work on restoring its systems. Forced to turn away certain patients following a ransomware…

Data on 92M Brazilians found for sale on underground forums

Several members-only dark web forums are reportedly auctioning what appears to be a stolen government database featuring the personal information of 92 million Brazilian citizens. The 16GB SQL database contains such information as name, birth date, mother’s name, gender and tax details including taxpayer IDs, according to BleepingComputer, which credits the discovery to a researcher…

HTTPS

New ‘Reductor’ malware compromises machines’ encrypted TLS traffic

Cyber espionage actors have developed a malware that can mark victims’ TLS-encrypted outbound traffic with identifiers so it can be compromised and potentially decoded later. Dubbed Reductor, the malware appears to share similar code to the COMpfun trojan, which was first documented in 2014 and is closely associated with suspected Russian APT group Turla, aka…

Iran hackers targeted presidential campaign, journalists

A threat group, dubbed Phosphorus, that Microsoft believes to be linked to Iran’s government targeted email accounts associated with a presidential campaign as well as government officials, journalists and prominent Iranians living outside the country. “In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700…

Next post in Security News