Archive for September, 2019

‘Checkm8’: A Permanent Bootrom Vulnerability

Monday, September 30th, 2019

A security researcher who goes by the Twitter handle “axi0mX” announced on Friday that there is a permanent Bootrom vulnerability “checkm8” in Apple iOS.  The flaw enables bypassing the security protections present in most Apple mobile devices.  Downside: cannot be patched.  Upside: physical access is needed  to exploit it and a system restart erases any […]

Airbus Victim of Multiple Attacks

Monday, September 30th, 2019

Airbus, a European aerospace company, had found itself the victim of several possible Chinese hacker attacks searching for proprietary data and insider secrets. According to sources, AFP spoke to seven security and industry sources, all of whom confirmed a spate of attacks in the past 12 months but asked for anonymity because of the sensitive nature […]

NOT Your Prince Charming: Old Scam Makes Updated Revival

Monday, September 30th, 2019

“Advance fee” or “419” scams have been around for years.  The scam works via an attempt to contact the victim so they can be gifted an exuberant amount of funds left unclaimed by a deceased individual who has the same last name as the victim or is their long-lost relative.  Or in the case of […]

Snowden & Publisher Sued for Book Proceeds

Wednesday, September 18th, 2019

The Justice Department is suing Edward Snowden and his publisher MacMillan and Holtzbrinck. Snowden, a former contractor for the CIA and NSA government agencies, released his book Permanent Record today.  The Justice Department says that Snowden failed to “clear” the book with them, and they are now attempting to recover “all proceeds earned by Snowden […]

Microsoft Security Patch Released 9/10/19

Wednesday, September 11th, 2019

Microsoft issued security updates yesterday to plug roughly 80 security issues holes in its Windows operating systems and software. Over 25% of those updates are critical.  This is the fourth time this year that Microsoft has had to fix bugs in its Remote Desktop Feature. Two of the bugs resolved in this month’s patch batch […]

Over 400 Million Facebook Users’ Phone Numbers Found Online

Wednesday, September 11th, 2019

A server without password protection gave anyone access to more than 419 million Facebook users’ private information globally.   Each accessible record contained a user’s Facebook ID, phone number, and location.  Some even had the user’s name. This latest in a long string of incidents for Facebook exposed millions of users to significant risk to spam […]

Chrome Security Fix

Wednesday, September 4th, 2019

Justin Schuh, Google Chrome’s security lead and Engineering Director, has issued a warning that all Chrome users need to run an update NOW.  Google Threat Analysis Group has identified a zero-day vulnerability that is actively being exploited: CVE-2019-5786. Although information remains limited on CVE-2019-5786, it is suspected to be a UAF vulnerability in FileReader.  The […]

Google Researchers Warn iPhone Users to Keep Security Up

Tuesday, September 3rd, 2019

  Google researchers released a report earlier today that warns your iPhone can be hacked just by visiting one innocent-looking website. A previous iPhone hacking campaign discovered by Google’s ProjectZero had identified at least five unique iPhone exploit chains that were capable of remotely jailbreaking an iPhone and loading spyware on it. Those exploit chains were […]

Cyber-Insurance Companies: Are They Fueling Ransomware Frequency Spikes?

Tuesday, September 3rd, 2019

ProPublica says cyber-insurance companies are making the push to pay ransom demands because it saves them money in the long run.  A $500,000 payout makes better financial sense than  a recovery campaign that could cost millions.  The recent even in Lake City, Florida is a good example.  Ransomware attacks were covered under the city’s cyber-insurance […]

Surge in Ransoms Expected Due to MegaCortex 2.0

Tuesday, September 3rd, 2019

  According to researchers from Accenture’s iDefense team, this newer version is ready for wide-scale attacks, with increased ability to kill a number of security products, and a main payload run directly from memory. “The password requirement…prevented the malware from being widely distributed worldwide and required the attackers to install the ransomware mostly through a […]