Microsoft is urging computer users to patch their systems now against a critical vulnerability that could be exploited by a fast-moving worm.
Read more in my article on the Hot for Security blog.
Adobe Patch Tuesday updates for May 2019 address a critical flaw in Flash Player and more than 80 vulnerabilities in Acrobat products.
Adobe Patch Tuesday updates for May 2019 address a total of 84 vulnerabilities in Acrobat and Acrobat Reader products for Windows and macOS.
The tech company addressed many critical vulnerabilities in its products, including heap overflow, buffer error, double free, use-after-free, type confusion, and out-of-bounds write issues that can be exploited to execute arbitrary code on vulnerable systems.
The list of vulnerabilities addressed by Adobe also includes several out-of-bounds read issues that can lead to information disclosure.
The good news is that none of the vulnerabilities patched by Adobe Patch Tuesday updates for May 2019 has been exploited in attacks in the wild.
According to the priority ratings assigned by Adobe to the flaws, the risk of exploitation in the near future is low.
Adobe fixed a critical use-after-free vulnerability in Flash Player that can be exploited to execute arbitrary code in the context of the targeted user.
The issue tracked as CVE-2019-7837 affects Windows, macOS, Linux, and Chrome OS versions of the popular software. The vulnerability was reported to Adobe by an anonymous researcher via Trend Micro’s Zero Day Initiative (ZDI).
Adobe also fixed a critical file parsing vulnerability that can lead to remote code execution.
Adobe also released Media Encoder version 13.1 that addresses two security vulnerabilities, a critical issue tracked as CVE-2019-7842 that can
The post Adobe patches over 80 flaws in Flash, Acrobat Reader, and Media Encoder appeared first on Security Affairs.
For several months, QH Labs has been observing an upswing in ransomware activity. We found a new ransomware which is written in Golang. Malware authors are finding it easier to write ransomware in Golang than in traditional programming languages. Infection of Jcry ransomware starts with a compromised website. As…
February was a rather quiet month for hacks and data breaches in the UK: Mumsnet reported a minor data breach following a botched upgrade, and that was about it. The month was a busy one for security updates, with Microsoft, Adobe and Cisco all releasing high numbers of patches to fix various security vulnerabilities, including several released outside of their scheduled monthly patch release cycles.
A survey by PCI Pal concluded the consequences of a data breach had a greater impact in the UK than the United States, in that UK customers were more likely to abandon a company when let down by a data breach. The business reputational impact should always be taken into consideration when risk assessing security.
I will be speaking at the e-crime Cyber Security Congress in London on 6th March 2019, on cloud security, new business metrics, future risks and priorities for 2019 and beyond.
Finally, completely out of the blue, I was informed by 4D that this blog had been picked by a team of their technical engineers and Directors as one of the best Cyber Security Blogs in the UK: "The 6 Best Cyber Security Blogs - A Data Centre's Perspective". Truly humbled and in great company to be on that list.
- What's the greater risk to UK 5G, Huawei backdoors or DDoS?
- The Business of Organised Cybercrime
- Is Huawei a Threat to UK National Security?
- Customers Blame Companies not Hackers for Data Breaches
- Automotive Technologies and Cyber Security
- The 6 Best Cyber Security Blogs - A Data Centre's Perspective
- Parenting Website Mumsnet hit by Data Breach
- UK Officials Concerned over Huawei’s Presence
- UK Consumers more likely to Abandon a Breached Company according to Research
- US Military Hackers took Russian troll factory offline during midterms, report claims
- GCHQ Chief: Cyber conflict could deteriorate into a Wild West if left unchecked
- Australia’s Major Political Parties Hacked by 'state actor' ahead of Elections
- High Stress Levels Impacting CISOs Physically, Mentally
- 60,000 EU Data Breaches filed under GDPR
- Dow Jones database holding 2.4 million records of politically exposed persons
- Palisades Park receives £151,000 advance after Cyberattack
- UK Bank Customers hit by Dozens of IT shutdowns due to operational and security incidents
- Musical.ly (TikTok App) fined a Record £4.3 Million under United States COPPA
- Microsoft Patches 76 Vulnerabilities, including 20 Critical for Windows, Edge, Hyper-V, Chakra and Adobe Flash
- Microsoft Fixes IIS Vulnerability that can cause CPU usage to Soar to 100% when processing HTTP/2 requests
- Adobe Releases Fixes for 70 Vulnerabilities in Acrobat and Acrobat Reader
- Adobe issues New patch for Acrobat and Reader Out of Band
- RDP Flaws could allow Hackers to take over control of Systems
- Cisco rolls out Multiple Security Updates across its Product Portfolio
- Apple Patches Two Flaws Exploited in Zero-Day Attacks; also fixes FaceTime Eavesdropping Bug
- Mozilla Foundation issues Firefox Updates
- Cisco Network Assurance Engine (NAE) contains Password Vulnerability
- Cisco Patches Two Code Execution Vulnerabilities
- Carbon Black Global Threat Research Project
- 2019 CrowdStrike Global Threat Report
- Netscout Threat Landscape Report: IoT Devices Attacked Faster than Ever, DDoS Attacks up dramatically
B&Q said it had taken action after a security researcher found and disclosed details of B&Q suspected store thieves online. According to Ctrlbox Information Security, the exposed records included 70,000 offender and incident logs, which included: the first and last names of individuals caught or suspected of stealing goods from stores; descriptions of the people involved, their vehicles and other incident-related information; the product codes of the goods involved; and the value of the associated loss.
Hundreds of German politicians, including Chancellor Angela Merkel, had personal details stolen and published online at the start of January. A 20-year-old suspect was later arrested in connection with this disclosure. Investigators said the suspect had acted alone, had taught himself the skills he needed using online resources, and had no training in computer science. Yet another example of the low entry level for individuals in becoming a successful and sinister hacker.
Hackers took control of 65,000 Smart TVs around the world, in yet another stunt to support YouTuber PewDiePie. A video message was displayed on the vulnerable TVs which read "Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!" It then encouraged victims to visit a web address before finishing up with, "you should also subscribe to PewDiePie".
The PewDiePie hackers said they had discovered a further 100,000 vulnerable devices, while Google said its products were not to blame, but it was said to have fixed them anyway. In the previous month, two hackers carried out a similar stunt by forcing thousands of printers to print similar messages. There was an interesting video of the negative impact of that stunt on the hackers on the BBC News website - The PewDiePie Hackers: Could hacking printers ruin your life?
January saw further political pressure and media coverage about the threat posed to UK national security by Chinese telecoms giant Huawei; I'll cover all that in a separate blog post.
- Information Security no longer the Department of “NO”
- 43% of Cybercrimes Target Small Businesses - Are You Next?
- The Emergence of Geopolitical Fuelled Cyber Attacks
- Is AI the Answer to never-ending Cybersecurity Problems?
- The Biggest Data Breaches of 2018
- Microsoft Windows 7 & Windows 2008 End of Life
- Cyber Security Conferences to Attend in 2019
- What does Cybersecurity have in store for 2019?
- Cyber Security Predictions for 2019
- Smart Buildings, including Hospitals, riddled with Devices Vulnerable to Hackers
- Airbus warns staff to Increase Vigilance over Cyber-Security following Breach
- US Issues Emergency Cyber Security Directive as Iran-linked Hackers strike during shutdown
- Yahoo Data Breach Payout blocked by judge
- Credential Stuffing Attack prompts Reddit to force Password Reset
- PewDiePie Hackers take over Google Smart TV systems
- TV Licence fee scam - the dangerous fake email and the real refunds available
- 30 Million UK Cyber Attacks carried out in Q4 2018
- B&Q 'exposed data about store thieves'
- Kwik Fit hit by Malware, knocking out IT systems
- German Politicians targeted in Mass Data Cyber Attack
- Microsoft Patches 48 Vulnerabilities, including 7 Critical for Windows, Edge, Hyper-V, Chakra and Adobe Flash
- Microsoft Releases 3 "out of band" non-Critical Patches for Team Foundation Server and Skype Business Server 2015
- CERT/CC issues warning for Microsoft Exchange 2013
- Adobe Releases Fixes for 2 Critical Vulnerabilities in Acrobat and Acrobat Reader
- Google Chrome Update contains 58 Security Fixes
- Apple disables Group FaceTime after Major Security Flaw is found
- Critical Privileged Access Vulnerability Patch issued for Cisco Switches
- Intel Patches Flaws that could lead to Privilege Escalation
- Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug
- Oracle Releases 248 Patches within their Quarterly Security Update
- Apple Releases Security Updates for iOS, macOS, tvOS, watchOS and other products
- Flaws in PremiSys Access System could literally open door for Physical Intruders
- Ryuk Ransomware linked to Emotet and TrickBot trojans; suspicions shift to Cyber-Criminal Group
- APT39: New Iranian APT identified by FireEye and Kaspersky
- Iran Linked to new DNS Manipulation Attack
- DarkHydrus APT group delivers RogueRobin Trojan via Google Drive