Monday 2/25
Phishing campaign attempts to spread a new brand of snooping malware
A series of spear-phishing attacks using fake emails with malicious attachments attempts to deliver a new family of malware, which researchers at Palo Alto Networks have identified and dubbed BabyShark. The campaign started in November and remained active at least into the new year.
https://zd.net/2U4F3Vq
Cisco HyperFlex Software Command Injection Vulnerability
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user.
http://bit.ly/2NqLWy1
Mobile Malware on the Rise, Warns McAfee
McAfee pointed in particular to surging detections of mobile backdoor threats like TimpDoor – malware now twice as prevalent as its closest competitor – along with a sharp spike in the number of “fake” apps it noted towards the end of 2018, including trojans.
http://bit.ly/2U7bAdB
Tuesday 2/26
7 mobile security threats you should take seriously in 2019
While it's easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing as we make our way through 2019.
http://bit.ly/2Xp6eMR
CyberArk Named Best Privileged Access Security Solution
The CyberArk Privileged Access Security Solution is the industry’s most comprehensive solution for protecting against the exploitation of privileged accounts, credentials and secrets anywhere – across on-premises, cloud and DevOps environments, and on the endpoint. CyberArk helps eliminate the most advanced cyber threats by identifying existing credentials across networks, locking them down, and leveraging continuous monitoring to detect and isolate anomalous behavior to stop attacks early on.
http://bit.ly/2EzogVd
Security Bulletin: NVIDIA GPU Display Driver – February 2019
NVIDIA has released a software security update for the NVIDIA GPU Display Driver. This update addresses issues that may lead to denial of service, escalation of privileges, code execution, or information disclosure.
http://bit.ly/2GLv704
Wednesday 2/27
Hackers Can Slip Invisible Malware into ‘Bare Metal’ Cloud Computers
On Tuesday, researchers at the security firm Eclypsium published the results of an experiment in which they showed that they could, for a certain class of cloud computing servers, pull off an insidious trick: They can rent a server from a cloud computing provider—they focused on IBM in their testing—and alter its firmware, hiding changes to its code that live on even after they stop renting it and another customer rents the same machine.
http://bit.ly/2GN6eRQ
74% Of Data Breaches Start With Privileged credential Abuse
Attackers are increasingly logging in using weak, stolen, or otherwise compromised credentials. Centrify’s survey underscores how the majority of organizations’ IT departments have room for improvement when it comes to protecting privileged access credentials, which are the ‘keys to the kingdom.’
http://bit.ly/2NvDrS8
UConn health notifies up to 326,000 patients of data breach
A third party illegally gain access to several employee email accounts. As many as 326,000 patients were potentially affected by the attack, according to local news station WFSB. UConn Health discovered the email accounts were attacked on Dec. 24, 2018. The email accounts contained names, dates of birth, addresses and limited medical information, such as billing and appointment information. Of the patients affected, 1,500 also have their Social Security number at risk.
http://bit.ly/2NAQnq4
Thursday 2/28
Cisco: Patch routers now against massive 9.8/10-severity security hole
The vulnerability allows any attacker with any browser to execute code of their choice via the web interface used for managing Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. The networking giant has assigned the bug, tagged as CVE-2019-1663, with a severity score of 9.8 out of a possible 10 under the Common Vulnerability Scoring System (CVSS).
https://zd.net/2SxJZRd
Farseer malware brings Windows exploits to attack group’s Android arsenal
Generally focused on smartphones, the hackers have now expanded their horizons with the launch of Farseer. The malware is spread through phishing campaigns and malicious .PDF files which employ social engineering tactics through the copy-and-paste of news articles sourced through a Myanmar website.
https://zd.net/2Tny7FP
Symantec Boosts Tech Integrations With Data Exchange, Startup Help
The ICD Exchange standardized APIs, EVP and enterprise products GM Art Gilliland said, making it possible for technology partners to develop and deliver value to customers faster. With the ICD Exchange, Gilliland said products and systems from different vendors end up using the same language to understand what's happening in an environment.
http://bit.ly/2T3m29v