Magecart Returns with Advertising Library Tactic

Kaspersky Labs - Wed, 16/01/2019 - 15:11
The threat group also has a new subsidiary, Magecart Group 12.
Categories: News

Epic's Fortnite fail: Ancient UT2004 server used for login-stealing proof-of-concept

The Register - Wed, 16/01/2019 - 14:13
A tale of XSS, SQL injection and OAuth implementation

Crafty infosec bods exploited XSS vulns on dusty corners of Epic Games’ web infrastructure to steal Fortnite gamers’ login tokens and compromise their accounts – using a genuine Epic Games URL to phish their marks.…

Categories: News

VOIPO Database Exposes Millions of Texts, Call Logs

Kaspersky Labs - Wed, 16/01/2019 - 14:00
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.
Categories: News

Microsoft sends a raft of Windows 10 patches out into the Windows Update ocean

The Register - Wed, 16/01/2019 - 13:35
Whoa - is that an Access 97 iceberg dead ahead?

Microsoft has released a second raft of fixes for Windows 10 following the monthly Patch Tuesday excitement last week. It has also issued some fixes for its latest Windows Insider build.…

Categories: News

EDGAR Wrong: Ukrainians hacked SEC, stole docs for inside trading, says Uncle Sam

The Register - Tue, 15/01/2019 - 23:55
Crooks banked $270,000 in just one move, it is claimed

A pair of Ukrainian hackers broke into America's financial watchdog to swipe insider info for stock traders, it is claimed.…

Categories: News

IDenticard Zero-Days Allow Corporate Building Access, Location Recon

Kaspersky Labs - Tue, 15/01/2019 - 22:43
Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.
Categories: News

'It's like they took a rug and covered it up': Flight booking web app used by scores of airlines still vuln to attack – claim

The Register - Tue, 15/01/2019 - 22:26
Security hole can still be exploited to tamper with journeys, warn infosec bods

Exclusive: A security hole in a widely used airline reservation system remains open to exploit, allowing miscreants to edit strangers' travel details online, The Register has learned. A fix to close the vulnerability was incomplete, and thus ineffective, it is claimed.…

Categories: News

Data Breach Roundup: U.S. Healthcare, Cryptopia, SingHealth and Experian

Kaspersky Labs - Tue, 15/01/2019 - 21:44
January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.
Categories: News

Judge: Law Enforcement Can’t Force Suspects to Unlock iPhones with FaceID

Kaspersky Labs - Tue, 15/01/2019 - 18:53
A ruling found that coercing suspects to open their phones using biometrics violates the Fourth and Fifth Amendments.
Categories: News

ThreatList: $1.7M is the Average Cost of a Cyber-Attack

Kaspersky Labs - Tue, 15/01/2019 - 18:38
Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.
Categories: News

Yes, you can remotely hack ... building site cranes. Wait, what?

The Register - Tue, 15/01/2019 - 16:36
Authentication is simply AWOL for remote RF construction plant, says Trend Micro

Did you know that the construction industry uses radio-frequency remote controllers to operate cranes, drilling rigs and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro.…

Categories: News

Want to get rich from bug bounties? You're better off exterminating roaches for a living

The Register - Tue, 15/01/2019 - 05:54
Before you outsource security to strangers, try boosting internal cybersecurity skills

Security researchers looking to earn a living as bug bounty hunters would do better to pursue actual insects.…

Categories: News

Oh, SSH, IT please see this: Malicious servers can fsck with your PC's files during scp slurps

The Register - Tue, 15/01/2019 - 01:44
Data transfer tools caught not checking what exactly they're downloading

A decades-old oversight in the design of Secure Copy Protocol (SCP) tools can be exploited by malicious servers to unexpectedly alter victims' files on their client machines, it has emerged.…

Categories: News

This must be some kind of mistake. IT managers axed, CEO and others' wallets lightened in patient hack aftermath

The Register - Mon, 14/01/2019 - 23:45
Executives held to account? And three underlings thanked for their work? What is this madness?

The Singaporean government-owned biz responsible for that country's patient database has fined senior executives, including the CEO, and dismissed two managers, after blunders allowed hackers to siphon off private records.…

Categories: News

Cops told: No, you can't have a warrant to force a big bunch of people to unlock their phones by fingerprint, face scans

The Register - Mon, 14/01/2019 - 22:46
Judge rules compelled use of biometrics runs into Fifth Amendment protections

A US judge last week denied police a warrant to unlock a number of devices using biometrics identifiers like fingerprints and faces, extending more privacy to device owners than previous recent cases.…

Categories: News

Popular Web-Hosting Platform Bluehost Riddled with Flaws, Researcher Claims

Kaspersky Labs - Mon, 14/01/2019 - 22:22
He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms.
Categories: News

Intel's Software Guard caught asleep at its post: Patch out now for SGX give-me-admin hole

The Register - Mon, 14/01/2019 - 21:41
Chipzilla adds to IT admins' security update load

While admins were busy wrangling with the mass of security patches from Microsoft, Adobe, and SAP last week, Intel slipped out a fix for a potentially serious flaw in its Software Guard Extensions (SGX) feature.…

Categories: News

Threatpost Poll: Can We Fix 2FA?

Kaspersky Labs - Mon, 14/01/2019 - 19:50
Take our short poll to weigh in on the state of two-factor authentication.
Categories: News

Hack Allows Escape of Play-with-Docker Containers

Kaspersky Labs - Mon, 14/01/2019 - 18:10
Researchers created a proof-of-concept escape of Docker test environment.
Categories: News

Ryuk Hauls in $3.7M in ‘Earnings,’ Adds TrickBot to the Attack Mix

Kaspersky Labs - Mon, 14/01/2019 - 17:06
The malware's operator, Grim Spider, could be affiliated with Russian cybercrime rings, according to some -- others say there's no concrete evidence.
Categories: News
