News

A “double-free” bug in WhatsApp lets attackers exploit it using a malicious GIF to access user content, according to a blog post by a self-described technologist and information security enthusiast that goes by the handle Awakened on GitHub. An attacker would need to send the GIF via a messaging platform to a victim’s device where the vulnerability is exploited and allows access to content once the user opens the photo gallery to send any image. Source: SC...

Hackers caused havoc at four restaurant chains in the U.S. over the summer after compromising their payment systems with malware that stole customers' payment card information. In the last two days, McAlister's Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee disclosed publicly that their networks were infected with point-of-sale malware copying data from cards used in person at certain locations. Source: Bleeping Computer

An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016. A database holding more than 20 million Russian tax records was found unprotected, leaving personal tax data accessible to anyone with a web browser, researchers reported this week. The AWS Elasticsearch cluster contained data on Russian citizens spanning 2009 to 2016, according to Comparitech, which partnered with security researcher Bob Diachenko to investigate the leak. No password or any authentication...

Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report. When spouses, colleagues, domestic partners, and random strangers install software to spy on a victim, the "stalkerware" can be a disturbing tool of abuse. And it's a tool that's part of a problem that is growing in size and scope. A new report, "The State of Stalkerware in 2019," from Kaspersky Lab, shows that...

The feature will check the strength of saved passwords and alert users when they're compromised in a breach. Google is building a "password checkup" tool into its account controls to improve password habits by telling people if their passwords are weak and when they have been compromised. This marks an expansion of Google's Password Checkup browser extension, which has accumulated more than 1 million downloads and warned half of users to a compromised password since...

FDA, DHS issue fresh warnings on easily exploitable URGENT/11 flaws in medical, SCADA systems, industrial controllers, and other devices. A substantially greater number of real-time operating systems (RTOSes) powering critical medical, industrial, and enterprise devices, are affected by a set of recently discovered security vulnerabilities than were originally reported. Armis, which earlier this year disclosed as many as 11 zero-day bugs in VxWorks RTOS—an OS embedded in over two billion devices—this week described five other...

The cyber division of the Ukrainian police took to pieces an operation that made money by registering accounts used to send spam through various services, including email and social networks. The bot farm allowed its cybercriminal customers to buy large numbers of active accounts for multiple online services. These were then used to deliver unsolicited messages. Source: Bleeping Computer

Meghan Markle and Prince Harry, the Duke and Duchess of Sussex, are suing the Associated Papers, parent company of the Daily Mail, for breach of the U.K.’s Data Protection Act of 2018 after the Mail published a private letter Markle sent to her father. The act, the U.K.’s complement to GDPR, requires protections for personal data, requiring that, among other things, it be “used fairly, lawfully and transparently; used for specified, explicit purposes; used in a way...

The average cost of enterprise data breaches has risen to $1.41 million in 2018, up from $1.23 million in 2017, according to new research from Kaspersky. It's estimated that there have already been 4,000 data breaches in the first half of 2019, affecting four billion users' data.  But companies with internal cybersecurity (security operation center or SOC) experienced only half the financial loss, compared to those without protection from cyber attacks. Cyber attacks are both anticipated and rampant, and...

In the last three years, almost two thirds (60 per cent) of businesses have experienced a data breach. This is according to a new global report from Bitdefender, which also adds that those that haven’t been attacked yet – expect to experience such a scenario soon. As a matter of fact, more than a third of infosec professionals (36 per cent) polled for the report, whose employers haven’t been attacked yet, believe it’s likely that they’re...