All about Security, News, Events and Incidents

Discussion in 'Security and Anti-Virus Software' started by Dr. AMK, Apr 26, 2018.

  1. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,686
    Messages:
    2,146
    Likes Received:
    4,463
    Trophy Points:
    281
    jclausius and Papusan like this.
  2. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,686
    Messages:
    2,146
    Likes Received:
    4,463
    Trophy Points:
    281
    Last edited: Jul 17, 2020
  3. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    5,635
    Messages:
    3,202
    Likes Received:
    2,398
    Trophy Points:
    231
    "Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’"

    - System admins need to patch servers as quickly as possible

    - Such a flaw could allow attackers to create special malware that remotely executes code on Windows servers and creates malicious DNS queries that could even eventually lead to a company’s infrastructure being breached.

    - Windows 10 and other client versions of Windows are not affected by the flaw, as it only affects Microsoft’s Windows DNS Server implementation

    https://www.theverge.com/2020/7/14/...er-security-vulnerability-patch-critical-flaw

    17 yr old security hole? How far back will MS go to create patches on old Windows Server operating systems?
     
    Dr. AMK likes this.
  4. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    33,648
    Messages:
    27,231
    Likes Received:
    50,720
    Trophy Points:
    931
    [​IMG]

    Twitter Details Its Massive Security Hack, What Happened And Corrective Actions Hothardware.com | Jul 18, 2020
    Following a massive data breach earlier this week, Twitter now finds itself in the precarious position of balancing transparency with security. That's to say, Twitter has divulged some additional details about what happened and what steps it is taking in the aftermath, but is also keeping certain information close to... Read more...
    upload_2020-7-18_16-46-58.png

    Twitter is also aware that it is now in a position of "rebuilding trust". Yeah, until the next Hack.
     
    6730b, jclausius and Dr. AMK like this.
  5. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    33,648
    Messages:
    27,231
    Likes Received:
    50,720
    Trophy Points:
    931
    [​IMG]

    SECURITY, HARDWARE, TECHNOLOGY
    D-Link blunder: Firmware encryption key exposed in unencrypted image bleepingcomputer.com
    The router manufacturer leaks encryption keys in some firmware versions letting reverse engineers decrypt the latest firmware images.

    “More and more device manufacturers are moving toward encrypting firmware, however, most are starting from unencrypted firmware images. This usually means there must be an unencrypted firmware image with the password or key stored inside of it. If you can find the last unencrypted image, you can generally find the password and thus decrypt any subsequent encrypted images,” Starke further told BleepingComputer.
     
    jclausius and Dr. AMK like this.
  6. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    33,648
    Messages:
    27,231
    Likes Received:
    50,720
    Trophy Points:
    931
    Dr. AMK likes this.
  7. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    33,648
    Messages:
    27,231
    Likes Received:
    50,720
    Trophy Points:
    931
    Intel is flooded with problems. Can't even protect own intellectual property.

    [​IMG]

    SECURITY
    Intel leak: 20GB of source code, internal docs from alleged breach bleepingcomputer.com | Today
    Classified and confidential documents from U.S. chipmaker Intel, apparently resulting from a breach, have been uploaded earlier today to a public file sharing service.

    ------------------------------------------------------------------------------

    And the usual from Microsoft. Nothing in between. Buggy patches.

    [​IMG]

    SECURITY
    Unpatched bug in Windows print spooler lets malware run as admin bleepingcomputer.com | Today
    Researchers found a way to bypass a patch Microsoft released to address a bug in the Windows printing services, which gives attackers a path to executing malicious code with elevated privileges.

    -------------------------------------------------------------------

    Apple ain't much better. Apple security is rolling downwards the hill!

    Apple and holey security: iCloud, iPhone and Mac
    Posted on August 6, 2020 by Günter Born
    [​IMG]
    At the moment, it looks to me as if Apple and its products are about to be shot down in terms of security. A vulnerability in Touch ID allowed hackers to take over iCloud accounts. And the security chips of the Macs and iPhones / iPads seem to be circumvented. Here is a brief overview...
     
    Last edited: Aug 6, 2020
  8. jclausius

    jclausius Notebook Virtuoso

    Reputations:
    5,635
    Messages:
    3,202
    Likes Received:
    2,398
    Trophy Points:
    231
    "Confirmed: Garmin received decryptor for WastedLocker ransomware"

    - ...can confirm that Garmin has received the decryption key to recover their files encrypted in the WastedLocker Ransomware attack.

    - On July 23rd, 2020, Garmin suffered a worldwide outage where customers could not access their connected services, including the Garmin Connect, flyGarmin, Strava, inReach solutions.

    - Employees later shared with BleepingComputer that the ransom demand was $10 million.

    Wow! So crime *does* pay?

    https://www.bleepingcomputer.com/ne...ceived-decryptor-for-wastedlocker-ransomware/
     
    Papusan and Dr. AMK like this.
  9. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,686
    Messages:
    2,146
    Likes Received:
    4,463
    Trophy Points:
    281
    [​IMG]

    TeamViewer Flaw Could Let Hackers Steal System Password Remotely
    If you are using TeamViewer, then beware and make sure you're running the latest version of the popular remote desktop connection software for Windows. TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE 2020-13699), which, if ...
    Read More
     
    jclausius and Papusan like this.
  10. Papusan

    Papusan JOKEBOOKs Sucks! Dont waste your $$$ on FILTHY

    Reputations:
    33,648
    Messages:
    27,231
    Likes Received:
    50,720
    Trophy Points:
    931
    Vulnerabilities in Qualcomm Snapdragon's DSP May Render 1 Billion Android Phones Vulnerable to Hacking techpowerup.com | Yesterday, 20:30

    Vulnerabilities in Qualcomm's DSP (Digital Signal Processor) present in the company's Snapdragon SoCs may render more than a billion Android phones susceptible to hacking. According to research reported this week by security firm Check Point, they've found more than 400 vulnerabilities in Snapdragon's DSP, which may allow attackers to monitor locations, listen to nearby audio in real time, and exfiltrate locally-stored photos and videos - besides being able to render the phone completely unresponsive.

    The vulnerabilities (CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209) can be exploited simply via a video download or any other content that's rendered by the chip that passes through its DSP. Targets can also be attacked by installing malicious apps that require no permissions at all. Qualcomm has already tackled the issue by stating they have worked to validate the issue, and have already issued mitigations to OEMs, which should be made available via software updates in the future. In the meantime, the company has said they have no evidence any of these flaws is being currently exploited, and advise all Snapdragon platform users to only install apps via trusted locations such as the Play Store.
     
    jclausius and Dr. AMK like this.
Loading...

Share This Page