Almost 8,000 business owners who applied for a loan from the Small Business Administration may have had their personal information exposed to other applicants, the SBA admitted on Tuesday. The breach relates to a long-standing SBA program called Economic Injury Disaster Loans (EIDL). It has traditionally been used to aid owners whose businesses are disrupted by hurricanes, tornadoes, or other disasters. READ MORE...
Four serious security vulnerabilities in the IBM Data Risk Manager (IDRM) have been discovered that can lead to unauthenticated remote code execution (RCE) as root, according to analysis - and a proof-of-concept exploit is available for version 2.0.3. However, IBM has not yet patched the problem. IDRM is a software platform that aggregates threat data from disparate security systems, in order to perform enterprise security risk analysis. READ MORE...
The U.S. Federal Bureau of Investigation (FBI) today warned of ongoing phishing campaigns targeting US healthcare providers using COVID-19 themed lures to distribute malicious attachments. "On 18 March 2020, network perimeter cybersecurity tools associated with US-based medical providers identified email phishing attempts from domestic and international IP addresses," the FBI says in a flash alert coordinated with the DHS Cybersecurity and Infrastructure Security Agency (CISA). READ MORE...
Hackers are trying to infect organizations throughout the world with a popular strain of malware by sending emails that appear to be from an Egyptian oil company. In research published Tuesday, Romanian antivirus company BitDefender noted a surge in attempted phishing attacks that try to trick users into downloading malware by masquerading as Enppi, an oil company owned by the Egyptian government. READ MORE...
A fake WiFi hacking program is being used to distribute a new Coronavirus-themed malware that tries to lock you out of Windows while making some very annoying sounds. Screenlockers are malware programs that display a lock screen when logging into Windows so that you cannot access the Windows desktop or interact with your installed programs and files. READ MORE...
The City of Torrance of the Los Angeles metropolitan area, California, has allegedly been attacked by the DoppelPaymer Ransomware, having unencrypted data stolen and devices encrypted. The attackers are demanding a 100 bitcoin ($689,147) ransom for a decryptor, to take down files that have been publicly leaked, and to not release more stolen files. READ MORE...
ESET researchers found serious security vulnerabilities in three different home hubs: Fibaro Home Center Lite, HomeMatic Central Control Unit (CCU2) and eLAN-RF-003. Some of the flaws could be misused by an attacker to perform MitM attacks, eavesdrop on the victim, create backdoors, or gain root access to some of the devices and their contents. In worst case scenarios, these issues could even allow attackers to take control over the central units and all peripheral devices connected to them. READ MORE...
A vulnerability in Zoom's video conferencing service could have been abused to enumerate all of the registered Zoom users within an organization, Cisco Talos reports. Zoom has drawn a lot of attention over the past several weeks, especially since many organizations have asked employees to work from home during the current COVID-19 pandemic, and, for many, Zoom has become the main option for internal communication. READ MORE...
An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service (DoS) attacks. The OpenSSL Project, which tracks the flaw as CVE-2020-1967, has described it as a "segmentation fault" in the SSL_check_chain function. The vulnerability impacts OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f, and it has been patched with the release of version 1.1.1g. READ MORE...