Security News
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials. Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.
IDmission announced its Identity Management System to reduce unauthorized access to large multi-tenant facility access points. With IDMS, large organizations can significantly control physical and logical access points throughout the enterprise.
When Adobe released security updates for Magento last week, it warned that the Magento 1.x branch is reaching end-of-life and support on June 30, 2020, and that those were the final security patches available for Magento Commerce 1.14 and Magento Open Source 1. "If you have a store that continues to run on Magento 1 after June 30, please be aware that from that date forward you have increased responsibility for maintaining your site's security and PCI DSS compliance," Adobe warned.
Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a "Lowly" privilege escalation vulnerability in the Windows Print Spooler service. CVE-2020-1048, which affects Windows 7, 8.1, and 10 and Windows Server 2008, 2012, 2016, and 2019, arises from the Windows Print Spooler service improperly allowing arbitrary writing to the file system.
One key addition to the malware is a small eyeball icon included in the control panel that can be used to recognize whether a user of a device with Anubis installed is looking at the device or not. The threat actors behind Anubis also are developing a way to integrate Yandex maps into the malware to show the location of infected devices, according to the report.
The ai Corporation, an FCA approved expert in payments, fraud and risk management, announced that it has upgraded EazyFuel, its closed loop fuel card platform, to be fully PCI compliant, in anticipation of the expansion of PCI Data Security Standard to cover fuel cards. Ai, whose aiGateway - omni-channel payment gateway - was granted Level 1 Service Provider accreditation recently, has rolled out PCI compliance across its suite of payments, fraud and risk management solutions for the fuel industry, in advance of any change to PCI DSS compliance or regulation.
RepRisk upgrades its ESG Risk Platform allowing users to conduct in-depth risk research on companies
RepRisk, a pioneer and leader in ESG data science, announces the launch of its upgraded ESG Risk Platform - the world's largest and most comprehensive due diligence database on ESG and business conduct risks. "RepRisk has been on the cutting edge of ESG data science for over a decade, becoming the first firm to leverage big data techniques to better understand ESG risks in 2006," said Philipp Aeby, CEO of RepRisk.
Apple engineers think they've come up with a simple way to make SMS two-factor authentication one-time codes less susceptible to phishing attacks: agree a common text format so their use can be automated without the need for risky user interaction. The concept proposed by the company's Safari WebKit team is that apps such as mobile browsers will automatically process SMS text codes as they are received, submitting them to the correct website.
Kali Linux 2020.1 released: New tools, Kali NetHunter rootless, and more!
Offensive Security have released Kali Linux 2020.1, which is available for immediate download.
You can upgrade Windows 7 for free! Why wouldn't you?
Windows 7 has been Microsoft's most successful operating system and, it's safe to say, one of the most loved.
How industries are evolving their DevOps and security practices
There's significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet's report based on nearly 3,000 responses.
Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.