Lenovo has issued security updates for a fingerprint scanner app it shipped with ThinkPad, ThinkCentre, and ThinkStation machines. Fingerprint Manager Pro is an application developed by Lenovo that allows users to log into Windows machines and online websites by scanning one of their fingerprints using the fingerprint scanner embedded in selected Lenovo products. “A vulnerability has been identified in Lenovo Fingerprint Manager Pro,” said Lenovo...
These top-level numbers summarize the cybersecurity industry over the past year and indicate what’s in store for the next five years. 1. Cyber crime damage costs to hit $6 trillion annually by 2021. It all begins and ends with cyber crime. Without it, there’s nothing to cyber-defend. The cybersecurity community and major media have largely concurred on the prediction that cyber crime damages will cost the...
The advent of mobile point-of-sale (MPOS) systems has been a boon for consumers and retailers of modest means, but the Payment Card Industry Security Standards Council’s security wonks worried that they can’t adhere to the strict hardware standards that apply to merchants’ credit card terminals. Hence the announcement [PDF] of a new standard that aims to advise merchants on how they can let you pay with a PIN...
Researchers at NewSky Security say the hacker behind a Mirai malware variant called Satori, also known as Mirai Okiru, is the same hacker behind two new Mirai variants called Masuta and PureMasuta. Based on source code for Masuta malware recently found on the dark web, researchers at NewSky Security said they were able to connect the dots between Satori and Masuta. The hacker is identified...
Google’s parent company Alphabet has announced its entry into the lucrative enterprise cybersecurity market through Chronicle, a company started in early 2016 as a project at X, Alphabet’s “moonshot factory.” Chronicle has now “graduated” to the status of an independent company within Alphabet, and is led by Stephen Gillett, formerly an executive-in-residence at Google Ventures and Chief Operating Officer of Symantec. VirusTotal, a malware intelligence service...
An Android app component meant to provide inter-user chatting capabilities has been opening websites and clicking on ads in phones’ background. According to a report published last week, this malicious component is part of a software development kit (SDK) offered by a Chinese company named 呀呀云 (Ya Ya Yun). Android app developers use the Ya Ya Yun SDK to add an instant messaging (chat) feature to...
The popular former NSA hacker Patrick Wardle published a detailed analysis of the CrossRAT malware used by Dark Caracal for surveillance. Last week a joint report published by security firm Lookout and digital civil rights group the Electronic Frontier Foundation detailed the activity of a long-running hacking group linked to the Beirut Government and tracked as Dark Caracal. The hacking campaigns conducted by Dark Caracal leverage a custom Android malware...
Security researchers have discovered over 2,000 WordPress sites —possibly more— infected with a keylogger that’s being loaded on the WordPress backend login page and a cryptojacking script (in-browser cryptocurrency miner) on their frontends. Researchers have tied these newly discovered infected sites to a similar operation that took place in early December 2017. The attack is quite simple. Miscreants find unsecured WordPress sites —usually running older WordPress versions...
In four months the EU General Data Protection Regulation (GDPR) comes into force, and companies are racing against time to comply with the new rules (and avoid being brutally fined if they fail). One of the things that the regulation mandates is that EU citizens must be able to get access to their personal data held by companies and information about how these personal data are being...
Description: Mozilla has released security updates to address multiple vulnerabilities in the following software: Firefox ESR 52.6, Firefox 58.
Impact: Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
Mitigation: Updates are available. Please check the specific vendor advisory for more information.
Reference URLs:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/