<img src="https://secure.ruth8badb.com/159098.png" alt="" style="display:none;">

IT Security Newsletter - 2/12/2020

SHARE

Top News

Washington Post: "The intelligence coup of the century"

For more than half a century, governments all over the world trusted a single company to keep the communications of their spies, soldiers and diplomats secret. The company, Crypto AG, got its first break with a contract to build code-making machines for U.S. troops during World War II. Flush with cash, it became a dominant maker of encryption devices for decades, navigating waves of technology from mechanical gears to electronic circuits and, finally, silicon chips and software. READ MORE...

Breaches

Estée Lauder Exposes 440M Records, with Email Addresses, Network Info

A non-password protected cloud database containing hundreds of millions of customer records and internal logs for cosmetic giant Estée Lauder has been found exposed online, according to researchers. In all, 440,336,852 individual data pieces were exposed, according to researcher Jeremiah Fowler at Security Discovery. Many of the records importantly contained plaintext email addresses (including internal email addresses from the @estee[dot]com domain). READ MORE...


Data about inmates and jail staff spilled by leaky prison app

Inmates' and correctional facilities employees' data has been sloshed onto the web, unencrypted and unsecured, in yet another instance of a misconfigured cloud storage bucket. Security researchers at vpnMentor came across the leak on 3 January during a web-mapping project that was scanning a range of Amazon S3 addresses to look for open holes in systems. READ MORE...

Software Updates

Intel Patches High-Severity Flaw in Security Engine

Intel is warning of a high-severity flaw in the firmware of its converged security and management engine (CSME), which if exploited could allow privilege escalation, denial of service and information disclosure. CSME powers Intel's Active Management System hardware and firmware technology, used for remote out-of-band management in consumer or corporate PCs, Internet of Things (IoT) devices, and workstations. READ MORE...


Adobe Patches 42 Vulnerabilities Across Five Products

Adobe's February 2020 Patch Tuesday updates fix a total of 42 vulnerabilities across the company's Framemaker, Acrobat and Reader, Flash Player, Digital Editions and Experience Manager products. The highest number of flaws, 21, has been fixed in the Windows version of the Framemaker document processor. The vulnerabilities have been described as critical buffer overflow, heap overflow, out-of-bounds write, and memory corrupt issues that can lead to arbitrary code execution. READ MORE...


Microsoft Patch Tuesday, February 2020 Edition

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited. Also, Adobe has issued a bevy of security updates for its various products, including Flash Player and Adobe Reader/Acrobat. READ MORE...

Science & Culture

'90s nostalgia: Dancing Baby does the cha-cha once more in new HD rendering

Internet denizens of a certain age will recall with fondness the 3D animated Dancing Baby (aka "Baby Cha-Cha" and "the Oogachacka Baby") that went viral in 1996. Sure, the rendering was crude by today's standards and-it must be said-a little creepy, but in many ways, the Dancing Baby was a proto-meme. Now, almost 25 years after it was first created, an enterprising college student has re-rendered the original model and animation in a suitable HD format for modern displays. READ MORE...