Network Security | SC Media

Network Security

Intel addresses flaws found across four products


Intel has released a series of security updates and mitigation recommendations to address recently discovered vulnerabilities in four of its products, including two high-severity flaws. The Santa Clara, Calif.-based chip maker patched its Intel Media SDK product to fix CVE-2018-18094, a high-risk vulnerability in versions 2018 R2.1 and earlier that could allow authenticated users with…

Nearly one billion Chrome users vulnerable to exploit patched in later versions


Exodus Intelligence security researcher István Kurucsai discovered and published a proof-of-concept of a vulnerability found in Google Chrome. Although the security flaw has been patched in Chrome’s version 8 JavaScript engine, a fix hasn’t been developed for Chrome version 73 leaving at least an estimated billion users at risk. Kurucsai pointed out that this situation…

patch flaw vulnerability

Samba updates eliminate pair of vulnerabilities


The development team behind Samba issued software updates yesterday in order to patch a pair of vulnerabilities in the free re-implementation of the SMB networking protocol. The first vulnerability, CVE-2019-3870, occurs in Samba versions 4.9.x upon the provisioning of a new Active Directory domain controller. During this process, some files in the private/ directory are…

Cisco fixes previously issued flawed patches for routers


Cisco fixed two flawed patches for its RV320 and RV325 small business routers, while also revealing two medium-rated additional vulnerabilities. The previously patched vulnerabilities, CVE-2019-1652 and CVE-2019-1653, were improperly patched in September 2018. If it is exploited a remote attacker would be able to inject and run admin commands on a device without a password…

data center

Threat actors use US data center to spread malware


Bromium researchers spotted scammers used Nevada data centers to distributed Dridex, GandCrab and other malware in a campaign that lasted between May 2018 to March 2019. Typically, threat actors organize their operations outside of the reach of U.S. law enforcement but these made a bold statement using servers that could easily be seized and shut…

Commission offers suggestions for stemming online spy threat from China

Chinese HR firms and recruiting agencies found to leak more than half a billion resumes


Chinese companies were discovered leaking more than half a billion resumes on the web via poorly secured ElasticSearch and MongoDB databases. The leaks occurred solely at Chinese firms over the last few months from Chinese human resource-focused companies in batches ranging from a handful of CVs to professional executive head-hunting firms all leaking customer details…

Albany, N.Y. hit with ransomware attack


Albany, New York was hit with a ransomware attack on March 30 that has shut down an undetermined number of several city services. Albany Mayor Kathy Sheehan informed the public of the attack in a tweet on Saturday. Few details of the attack have been issued by city officials, but Sheehan did tell all city…

VSkimmer trojan steals card data on point-of-sale systems

2M credit cards exposed in Buca di Beppo, Earl of Sandwich, Planet Hollywood parent company breach


A point-of-sale data breach allegedly discovered a month ago and just now admitted, exposed two million credit cards belonging to diners of Earl Enterprises restaurants. KrebsOnSecurity claims to have contacted the Italian restaurant chain that owns Buca di Beppo, Earl of Sandwich, Planet Hollywood and other restaurant brands, on Feb. 21, 2019, after finding evidence…

Picture credit: WiseGEEK

Insurance Companies collaborate to offer cybersecurity ratings


In a collaborative effort, some of the world’s largest insurers have set out to create a consumer ratings service for the cybersecurity industry. The initiative, launched Tuesday and set to be led by Marsh & McLennan, will attempt to score best products to reduce hacking risks and will create an assessment of the best cybersecurity…

Next post in Cybercrime