News

The March edition of Patch Tuesday includes fixes for 64 CVE-listed vulnerabilities, while Adobe addressed a pair of bugs in Photoshop and Digital Editions. Even SAP has got in on the game. DHCP flaws headline Patch Tuesday priorities. Of the 64 bugs squashed in Redmond's March update, researchers are pointing to five particular bugs as being especially noteworthy. First, there are the trio of CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726, all covering holes present in the DHCP server component for...

A new variant of an infamous banking Trojan malware with a history going back over ten years has emerged with new tactics to ensure it's harder to detect. The malware aims to hunt out financial information, usernames, passwords and other sensitive data. The Ursnif banking Trojan is one of the most popular forms of information-stealing malwaretargeting Windows PCs and it has existed in one form or another since at least 2007, when the its code first...

Many students of the Central Michigan University were hacked after they opened emails having the bright blue button which says "click here to read message", and then inevitably clicks them. The emails look like being sent by somebody already known to the student, as the subject line was already exchanged previously with that person. "One of the interesting things is that because the subject line is always different, it was hard to identify, but if...

The Swiss Federal Chancellery (SFC) on Tuesday said security researchers have found an fascinating flaw in the Swiss Post's e-voting system as part of an ongoing penetration test. Said flaw, if successfully exploited by miscreants, would prevent officials from detecting unauthorized changes to citizens' electronically-cast votes. Swiss authorities released the source code of their computer-based voting system and began a public audit of their blueprints on February 25, 2019, to identify vulnerabilities and fix them. The test is scheduled...

A new Ransomware-as-a-Service called Yatron is being promoted on Twitter that plans on using the EternalBlue and DoublePulsar exploits to spread to other computer on a network. This ransomware will also attempt to delete encrypted files if a payment has not been made in 72 hours. BleepingComputer was first notified about the Yatron RaaS by a security researcher who goes by the name A Shadow. Since then, the actor behind this ransomware has strangely been promoting the service...

The state now says more than 600,000 people might have been affected by a health care data breach. Michigan Attorney General Dana Nessel says the breach involving Wolverine Solutions Group impacted customers with several health systems. Those include Blue Cross Blue Shield of Michigan, McLaren Health Care and others. Wolverine Solutions Group says the ransomware got into patient’s information including names, social security numbers, medical information and other sensitive information. Source: 9 and 10 News

Ransomware may be poised to return as a top scourge for companies, as more and more of them pay up after an attack in an effort to minimize the cost of recovery. That’s just one insight gleaned from an interview at RSA Conference 2019 last week with Josh Zelonis, senior analyst at Forrester Research. Threatpost sat down with Zelonis to discuss looming threats to corporate security, especially those that may not be that well-known. According...

President Donald Trump has revealed his proposed budget for the 2020 fiscal year, which "supports the creation" of Space Force (USSF) as the sixth branch of the armed forces. The White House also hopes to bolster cybersecurity and NASA exploration missions. The administration wants to increase Department of Defense spending by five percent to $718 billion. It's earmarking more than $9.6 billion to support three DOD cybersecurity objectives: "safeguarding DOD's networks, information, and systems; supporting military commander objectives; and defending the nation." That...

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box  enterprise storage accounts that can easily be discovered. The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly...

As emerging technology and threat landscapes experience rapid transformation, the skillsets need to change as well. 80 percent of 336 IT security professionals Dimensional Research polled on behalf of Tripwire believe it’s becoming more difficult to find skilled cybersecurity professionals, and nearly all respondents (93 percent) say the skills required to be a great security professional have changed over the past few years. Source: Help Net Security