Security experts say the incident shows that cybercriminals are using ransomware to hit companies where it hurts.
Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration.
Authorities cracked down on cybercrime group Evil Corp. with sanctions and charges against its leader, known for his lavish lifestyle.
HackerOne has paid out $20,000 to a bounty hunter who discovered a session cookie issue, due to “human error,” on the bug bounty platform.
Original release date: December 5, 2019 The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations with information sharing
The authentication bypass (CVE-2019-19521) is remotely exploitable.
Original release date: December 5, 2019 Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. The Cybersecurity and Infrastructure Security
Original release date: December 5, 2019 The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity
librabbitmq vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 14.04 ESM Summary RabbitMQ could be made to execute arbitrary code if it received a specially crafted input. Software Description librabbitmq – Command-line utilities for interacting with AMQP servers Details It was discovered that RabbitMQ incorrectly handled
Original release date: December 5, 2019 This Alert is the result of recent collaboration between Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA)