Security News > 2020 > October
Hackers associated with the "Fullz House" group have compromised the website of Boom! Mobile and planted a web skimmer, Malwarebytes reports. The attack on Boom! Mobile, Malwarebytes reveals, involved the injection of one line of code containing a Base64 encoded URL designed to load a JavaScript library from a remote domain used in a previous attack.
Researchers discovered several potentially serious vulnerabilities in Pepperl+Fuchs Comtrol's RocketLinx industrial switches, including ones that can be exploited to take complete control of devices. SEC Consult told SecurityWeek that exploitation of the vulnerabilities requires network access to the targeted switch - no permissions are needed on the device itself.
The EU's top court on Tuesday put limits on how European spy and security agencies could harvest troves of personal data, but said this could be done under a serious threat to national security. At the request of the courts in France, Belgium and Britain, the European Court of Justice confirmed that "EU law precludes national legislation" that requires telcos and tech companies to carry out the "Indiscriminate retention" of data, a statement said.
Google has released Chrome 86 today, October 6th, 2020, to the Stable desktop channel, and it includes numerous security enhancements, features, and APIs for developers. Chrome 86 brings many security enhancements to both desktop and mobile users in the form of increased password security, protection from insecure downloads and form submissions, and biometric protection when auto-filling saved passwords.
Microsoft awarded over $370,000 in bounties to security researchers for 16 bounty eligible reports of vulnerabilities submitted through the Azure Sphere Security Research Challenge IoT-focused research program. Azure Sphere Security Research Challenge is a 3-month expansion to the Azure Security Lab bounty program Microsoft announced last year at Black Hat 2019.
Multiple malware campaigns have been spotted using Pastebin-style services to facilitate their nefarious activities. This week Juniper Threat Labs have identified malware campaigns relying on legitimate paste services like paste.
Previously I have written about the Swedish-owned Swiss-based cryptographic hardware company: Crypto AG. It was a CIA-owned Cold War operation for decades. Today it is called Crypto International, still based in Switzerland but owned by a Swedish company.
Cybersecurity researchers today disclosed details of security vulnerabilities found in popular antivirus solutions that could enable attackers to elevate their privileges, thereby helping malware sustain its foothold on the compromised systems. According to a report published by CyberArk researcher Eran Shimony today and shared with The Hacker News, the high privileges often associated with anti-malware products render them more vulnerable to exploitation via file manipulation attacks, resulting in a scenario where malware gains elevated permissions on the system.
A US district judge has ordered Cisco to pay $1.9 billion to Centripetal Networks, Inc., for infringing on four patents related to cybersecurity. The company has developed technology for operationalizing and automating threat intelligence and has been awarded various patents in the United States and abroad. In a lawsuit filed in the Eastern District of Virginia in March 2018, the company claimed that numerous Cisco product series have been infringing on five of its patents for years.
Aviation boffins have found that next-gen collision aircraft avoidance systems appear to be just as vulnerable to signal spoofing attacks as older kit. In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision Avoidance System X, due to be deployed on commercial aircraft in the next few years, and found that it can be manipulated by a miscreant to produce fake collision alerts that prompt pilots to take evasive action.