
IT Security Newsletter


IT Security Newsletter - 5/13/2020

Top News

Microsoft Addresses 111 Bugs for May Patch Tuesday

Microsoft has released fixes for 111 security vulnerabilities in its May Patch Tuesday update, including 16 critical bugs and 96 that are rated important. Along with the expected cache of operating system, browser, Office and SharePoint updates, Microsoft has also released updates for .NET Framework, .NET Core, Visual Studio, Power BI, Windows Defender, and Microsoft Dynamics.


US govt exposes new North Korean malware, phishing attacks

The US government today released information on three new malware variants used in malicious cyber activity campaigns by a North Korean government-backed hacker group tracked as HIDDEN COBRA. The new malware is being used "for phishing and remote access by DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions" according to the information published by the FBI, CISA, and DoD.

Breaches

Criminal forum trading stolen data suffers ironic data breach

Someone on the dark web is touting for sale an unusual database a lot of people might pay handsomely to get their hands on. Another rich cache full of sensitive company data, or perhaps something stolen from a military power? In fact, according to the security company that verified its authenticity, Cyble, this is data that a specialised group of internet users will find far more interesting - a database of criminal account holders of the now defunct WeLeakData[.]com breach data trading forum.

Hacking

How two researchers used an app store to demonstrate hacks on a factory

When malicious code spread through the networks of Rheinmetall Automotive last year, it disrupted the German manufacturing firm's plants on two continents, temporarily costing up to $4 million each week. The attacks were the latest reminder to factory owners that computer viruses can hobble production. While awareness of the threats has grown, there's still a risk that too many organizations view such attacks as isolated incidents.

Software Updates

Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK

Adobe has fixed 16 critical flaws across its Acrobat and Reader applications and its Adobe Digital Negative (DNG) Software Development Kit. If exploited, the flaws could lead to remote code execution. Overall, Adobe fixed vulnerabilities tied to 36 CVEs in its regularly-scheduled Tuesday security update. Those include 24 critical- and important-severity flaws in its Acrobat and Reader application.

Malware

Ransomware Forces Shutdown of Texas Judiciary Network

Texas revealed on Monday that a ransomware attack has forced the shutdown of its judicial branch network, including websites and servers. In a notice shared on Twitter, the Office of Court Administration (OCA), which provides IT services to appellate courts and state judicial agencies, revealed that the attack was discovered on Friday morning, and that the network was taken down to prevent further compromise.

Exploits/Vulnerabilities

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases

Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for games). Features include two NoSQL database managers, Cloud Firestore and the older Realtime Database.


Siemens Says Power Meters Affected by Urgent/11 Vulnerabilities

Siemens informed customers on Tuesday that some of its low and high voltage power meters are affected by the Wind River VxWorks vulnerabilities dubbed Urgent/11. According to Siemens, its Power Meter 9410 and 9810 series products are affected by ten of the eleven Urgent/11 flaws. The German industrial giant says 9410 series devices are only affected if they run a firmware version prior to 2.1.1, which patches the vulnerabilities.

On This Date

  • ...in 1880, Thomas Edison performs the first test of his electric railway in Menlo Park, NJ.
  • ...in 1939, the first commercial FM radio station is launched in Bloomfield, CT. It would later become WDRC-FM, currently 102.9 The Whale.
  • ...in 1964, comedian and TV host Stephen Colbert is born in Washington, D.C.
  • ...in 1969, American musician Brian Patrick Carroll, better known as the masked guitarist Buckethead, is born in Pomona, CA.