Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows allowing potential attackers to escalate privileges and execute code using SYSTEM privileges. The privilege escalation security flaw tracked as CVE-2019-8461 makes it possible for attackers to run malicious payloads using system-level privileges as well as evade anti-malware detection by bypassing application whitelisting, a technique commonly used to prevent the execution of either unknown or potentially malicious apps, Bleeping Computer reported.
ISBuzz Team
When the news broke that a Capital One data breach had affected approximately 100 million customers in the U.S. and another 6 million in Canada, there was widespread panic among the company’s users and much confusion regarding data storage standards. Even amid the arrest of the woman responsible for accessing the data, Capital One customers were left wondering why their sensitive information was accessible to her in the first place. It is just the latest example of how no company wants to navigate the embarrassment and trust issues that come from a breach. With technologies such as sensors, smartphones, cloud…
Juniper Research published new research yesterday: The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024 which finds that Business Losses to Cybercrime Data Breaches to Exceed $5 trillion by 2024 – Cybersecurity Breaches to Increase Nearly 70% Over the Next 5 years (Juniper Research press release link). A Shared Assessments expert offers thoughts on the findings and why organizations should adopt anticipatory compliance.
Wisconsin Diagnostic Laboratories has started to notify 114,985 patients that some of their protected health information (PHI) was compromised in the American Medical Collection Agency’s (AMCA) breach from earlier this year. Data affected includes names, dates of birth, dates of service, names of lab or medical service providers, referring physicians’ names, balance owed and “other” medical information. Also, a few individuals may have had their financial information exposed. AMCA has already filed for Chapter 11 protection after it was reported that the breach affected Quest Diagnostics, LabCorp and BioReference.
The BBC has reported that Nato Secretary General Jens Stoltenberg says all 29 member countries would respond to a serious cyber-attack on one of them. Writing in Prospect Magazine, he said such an incident would trigger a “collective defence commitment”, known as Article 5 of its founding treaty. Article 5 has not been triggered since the 9/11 terror attacks on the US in 2001.
A new Trojan dropper dubbed xHelper was observed while slowly but steadily spreading to more and more Android devices since May, with over 32,000 smartphones and tablets having been found infected in the last four months. Trojan droppers are tools used by threat actors to deliver other more dangerous malware strains to already compromised devices, including but not limited to clicker Trojans, banking Trojans, and ransomware. xHelper, dubbed Android/Trojan.Dropper.xHelper by Malwarebytes Labs’ researchers who discovered it, was initially tagged as a generic Trojan dropper only to be upgraded to the rank of a fully-fledged menace after climbing into the security vendor’s…
Bulgaria’s DSK Bank, a unit of Hungary’s OTP Group, has been fined 1 million levs ($569,930) for a data breach that affected over 33,000 clients, as reported by Reuters. The Bulgarian personal data watchdog said the full names, addresses, copies of ID cards as well as bank account numbers and property deed data of 33,492 people who have taken loans from the bank had been improperly disclosed and accessed by third parties. Personal data of loan guarantors, spouses and contracting parties that were part of over 23,000 loan dossiers had also been breached.
An international research team has discovered clickjacking scripts on 613 popular websites that are used for ad fraud or to redirect users to malicious websites. The research revealed some websites collude with third-party scripts to hijack user clicks for monetization. In particular, their analysis demonstrated that more than 36% of the 3,251 unique click interception URLs were related to online advertising, which is the primary monetization approach on the Web. Further, they discovered that users can be exposed to malicious contents such as scamware through click interceptions.
The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. https://twitter.com/Reuters/status/1166273078332219392
5 software vendors accounted for 24.1% of all the vulnerabilities in 2019 according to the RiskSense Vulnerability Weaponization Spotlight Report.