Cybersecurity | SC Media

Cybersecurity

Google Play announces 2019 malicious app crackdown

Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…

Mozilla Foundation issues Firefox updates

Mozilla Foundation has issued security advisories for several vulnerabilities in Firefox ESR 60.5.1 and Firefox 65.0.1. The updates patch a use-after-free flaw in Skia, an integer overflow flaw in Skia, and a buffer overflow vulnerability in Skia with accelerated Canvas 2D in Firefox ESR 60.5.1, all of which are rated high. The buffer overflow flaw…

Xiaomi electric scooter vulnerability allows remote hacks

The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation. The scooters are enabled with Bluetooth access, which allows the user to interact with the scooters for multiple features including its Anti-Theft System, Cruise-Control,…

Cisco Network Assurance Engine (NAE) contains password vulnerability

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…

PoC hides malware in Intel SGX enclave

Researchers developed a proof-of-concept attack which allows them to hide malware in Intel’s Software Guard eXtensions (SGX). Intel SGX is a feature found on all modern Intel CPUs that allows developers to isolate applications in secure “enclaves” and the attack allows researchers to hide undetectable malicious code from their security software within these…

77 updates in Microsoft patch Tuesday

Microsoft released 77 updates, 20 of which were classified as critical, in this month’s Patch Tuesday announcement. The updates included fixes for Microsoft Windows, Office, IE and Edge, resolving a total of 74 unique CVEs this month including one actively exploited zero-day flaw in Internet Explorer, according to its February Patch Tuesday release. The zero…

VFEmail hit with ‘Catastrophic’ attack that deleted primary and backup files

Milwaukee-based email provider VFEmail has suffered what it has described as a “catastrophic” attack which has resulted in the destruction of all data in the U.S. on both primary and backup systems. The attackers didn’t demand a ransom but simply went on an attack-and-destroy mission. Signs of the attack surfaced the morning of…

Layering EMV chip, tokenization, encryption bolsters card payment security

Chip and PIN protections may fall short as future threats materialize

The protections that chip and PIN payment card solutions offer may fall short as cybercriminals begin installing command-and-control malware on infected EMV device readers, a new report warns. Cybercriminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV…

Adiantum boosts encryption for low-end Android devices

Google has developed a new storage encryption solution that will boost encryption capabilities for low-end Android devices that don’t have the hardware to support AES. Researchers said the new solution, called Adiantum, allows the use of the ChaCha stream cipher “in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH,”…