Security News

Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
2020-05-27 03:31

Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. In addition to using images uploaded to Baidu Tieba to distribute configuration files and malware - a technique called steganography - the group has begun using Alibaba Cloud storage to host configuration files and Baidu's analytics platform Tongji to manage the activity of its infected hosts, the researchers said.

Data researchers at odds: Will Americans opt in or out of COVID-19 contact tracing apps?
2020-05-22 16:14

Results from separate studies by Checkmarx and ExpressVPN reveal consumers won't easily share their personal information with tracing apps due to concern for misuse. The VPN provider ExpressVPN and software security company Checkmarx queried 1,200 and 1,500 consumers, respectively, to find out what Americans think about digital contact-tracing systems having access to their health information.

Researcher Finds Memory Corruption Vulnerabilities in Several Adobe Products
2020-05-20 08:55

Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative.

Researchers Divulge Details on Five Windows Zero Days
2020-05-19 17:47

Security researchers working with Trend Micro's Zero Day Initiative have published information on five unpatched vulnerabilities in Microsoft Windows, including four considered high risk. Tracked as CVE-2020-0916, CVE-2020-0986, and CVE-2020-0915, and featuring a CVSS score of 7.0, the first three of these zero-day vulnerabilities could allow an attacker to escalate privileges on the affected system.

Facebook Awards Researcher $20,000 for Account Hijacking Vulnerability
2020-05-13 15:08

Security researcher Vinoth Kumar says Facebook awarded him $20,000 after he discovered and reported a Document Object Model-based cross-site scripting vulnerability that could have been exploited to hijack accounts. The researcher says he discovered the vulnerability in the window.

Researcher Spots New Malware Claimed to be 'Tailored for Air‑Gapped Networks'
2020-05-13 07:54

A cybersecurity researcher at ESET today published an analysis of a new piece of malware, a sample of which they spotted on the VirusTotal malware scanning engine, and believes the hacker behind it is likely interested in some high-value computers protected behind air‑gapped networks. Dubbed 'Ramsay,' the malware is still under development, with two more variants spotted in the wild, and doesn't yet appear to be a complex attacking framework based upon the details the researcher shared.

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
2020-05-12 17:32

Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Data is secured using rules which "Work by matching a pattern against database paths, and then applying custom conditions to allow access to data at those paths", according to the docs.

Researchers Analyze Entry Points, Vectors for Manufacturing System Attacks
2020-05-12 12:47

Researchers from cybersecurity firm Trend Micro and the Polytechnic University of Milan have analyzed the possible entry points and vectors for attacks targeting smart manufacturing environments, and they discovered several new vulnerabilities in the process. It's not uncommon for traditional malware to make its way into industrial environments and in many cases they are detected by existing security solutions, but sophisticated attackers looking to target industrial organizations are more likely to launch attacks that specifically target operational technology systems to make their attack more efficient and less likely to be detected.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers
2020-05-04 19:15

Not only can malicious people make airliners climb and dive without pilot input - they can also control where and when they do so, research from Pen Test Partners has found. TCAS spoofing, the practice of fooling collision detection systems aboard airliners, can be controlled to precisely determine whether an airliner fitted with TCAS climbs or descends - and even to produce climb rates of up to 3,000ft/min.