Security News
Two information disclosure vulnerabilities recently identified in the Chrome, Edge, and Firefox web browsers may be exploited to obtain information on applications on the system, Fortinet reports. The bugs impact Protocol Handlers, which are related to a mechanism that allows apps to register their own URI schemes used for process execution.
The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data. Xerox issued its security advisory on November 30.Xerox did not share the specifics of the bugs or possible attack scenarios.
Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November. K12 announced this week that they suffered a ransomware attack in mid-November that caused them to lock down some of their IT systems to prevent the attack's spread. "In mid-November, we detected unauthorized activity on our network, which has since been confirmed as a criminal attack in the form of ransomware. Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident," K12 told BleepingComputer in a statement.
UPDATED Infosec researchers at Palo Alto Networks' Unit 42 threat intelligence unit spotted a pair of prominent Chinese apps leaking personal data, and after it informed Google the ad giant dumped the apps from its Play store. Baidu says the personal information was only used to enable push functionality and that the privacy agreement in its apps disclosed that use.
Multiple Android mobile apps found in Google Play, including Baidu Search Box and Baidu Maps, were found by researchers to be leaking data that could be used to track users - even if they switch devices. Researchers found the apps in question to expose a range of information, including: Phone model; screen resolution; phone MAC address; wireless carrier; network; Android ID; International Mobile Subscriber Identity; and International Mobile Equipment Identity.
The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. In this topic, DarkSide has stated that they are working on a distributed storage system to store and leak victims' stolen data.
Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory. The paper describes a way to extract confidential data from devices by measuring power consumption fluctuations in Intel chips from Sandy Bridge onward using just software and without the need to physically wire instruments to machines.
A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. Many of the records contain data for multiple hotel guests that were grouped together on a single reservation; thus, the number of people exposed is likely well over the 10 million, researchers said.
The retrial of a former CIA software engineer charged with leaking secrets to WikiLeaks in an espionage case will begin June 7, a judge said Wednesday. U.S. District Judge Paul A. Crotty set the date for Joshua Schulte over the objections of a defense lawyer who said it would be impossible to properly prepare for a trial that started before August.