News

A bug in the latest version of iOS opens iPhone cameras as users peruse their Facebook feeds, letting the social media giant access the cameras. “We have seen no evidence of photos or videos being uploaded due to this bug,” a spokesman told the Guardian, confirming that glitch would let the Facebook app “navigate to the camera screen adjacent to News Feed when users tapped on photos.”   Source: SC Magazine

The claim made by the Mexican state-owned petroleum corporation Pemex that it had recovered from a Nov. 10 cyberattack was met with some skepticism, as published reports indicate the attack may be still affecting the company. Pemex stated it had suffered a cyberattack that impacted about five percent of its computer equipment, but managed to contain the problem and is now operating normally. The company did not say what type of attack transpired, but emails...

The alleged operator of a website that sold payment card numbers stolen from hacked entities was hauled into a Virginia federal courtroom yesterday after Israel extradited the defendant, despite reported efforts by Russia to prevent the prisoner from reaching American soil. Russian national Aleksei Burkov, 29, is accused of running Cardplanet, which offered visitors the opportunity to purchase from a selection of over 150,000 compromised payment cards — many belonging to U.S. citizens. The site...

A new and strange ransomware called AnteFrigus is now being distributed through malvertising that redirects users to the the RIG exploit kit. Unlike other ransomware, AnteFrigus does not target the C: drive, but only other drives commonly associated with removable devices and mapped network drives. The RIG exploit kit uses malicious scripts hosted on attacker-owned or compromised sites that exploit vulnerabilities in Internet Explorer. If these vulnerabilities can be exploited, it will then install a...

Microsoft resolved a known issue causing Microsoft Defender Advanced Threat Protection (ATP) to stop running and fail to send reporting data on some Windows devices after installing the KB4520062 optional non-security update. Some Windows 10 customers affected by the now-fixed bug also received 0xc0000409 errors in the Event Viewer on MsSense.exe according to the known issue's entry.   Source: Bleeping Computer

Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries. Cybercriminals appear to have finally figured out a way to launch highly effective distributed denial-of-service (DDoS) attacks using TCP amplification — something most attackers have typically avoided under the assumption it cannot be done efficiently. Source: Dark Reading

The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer. Patch Tuesday is back once again, bringing with it 74 security fixes, 61 of which are classified as Important and 13 as Critical, including one Internet Explorer bug under active attack. Source: Dark Reading

A cloud infrastructure provider in Iran found itself at the receiving end of a distributed denial-of-service (DDoS) attack through MTProxy servers that Telegram users in the country rely on to avoid government-enforced internet restrictions. As Telegram continues to be banned in Iran, users in this country route their messenger communication through MTProxy servers, which make the traffic look random through encryption. This makes restricting it difficult, allowing servers to fulfill their anti-censorship purpose. Source: Bleeping Computer

Mexico's state-owned oil company, Pemex, has suffered a DoppelPaymer ransomware attack that demanded $4.9 million USD in order to decrypt their files.  On Sunday, November 10th, Pemex was hit with a ransomware attack that the company states affected less than 5% of their computers. Workers reported, though, that internal memos told them not to initially turn on their computers, but were up and running again later in the day on Monday. Source: Bleeping Computer

Google and health care provider organization Ascension have publicly confirmed a recent report that the two companies have embarked on a massive initiative to aggregate the data of roughly 50 million patients and store it on the cloud. The companies say it will improve patient care and administration, but the strategy has also sparked concern among certain consumer advocates, cybersecurity experts and reportedly some Ascension employees — especially because neither patients nor doctors had been...