Monday 11/26
New Linux crypto-miner steals your root password and disables your antivirus
This rootkit component has even more intrusive features, experts said, such as "the ability to steal user-entered passwords for the su command and to hide files in the file system, network connections, and running processes."
https://zd.net/2TLvkDN
Microsoft: Crash-causing Outlook 2010 security patches are now fixed
Microsoft this week released KB 4461585 for Outlook 2010, which includes patches for the four flaws and shouldn't trigger crashes. Microsoft confirmed it does fix the crash issues caused by KB 4461529.
https://zd.net/2DLeTla
What to Expect for AI (Artificial Intelligence) in 2019
The introduction of AI specialized hardware by Apple, Google, Tesla and NVIDIA is increasing AI performance by tens to hundreds, and enabling that performance in smaller form factors.
http://bit.ly/2Rh5d60
Tuesday 11/27
Cisco to Buy British Networking Software Firm to Beef Up Automation
With the purchase of Ensoft, Cisco looks to further their commitment to simplifying service provider networks through automation and programmability.
http://bit.ly/2KBBMcl
This worm spreads a fileless version of the Trojan Bladabindi
The Bladabindi RAT acts as a data-stealing system and backdoor and is capable of keylogging, the theft of credentials during browser sessions, capturing webcam footage, and both the download and execution of files.
https://zd.net/2KBjV5b
Container Orchestration in the Cloud: Exploring the Cisco, AWS Partnership
Cisco is providing Kubernetes — a container orchestration platform — on AWS through its integrated platform. Both Amazon and Cisco say this will help to simplify the process of developing and orchestrating Kubernetes clusters across the AWS cloud and private data centers.
http://bit.ly/2E0gtAU
Wednesday 11/28
Beyond CASB Power: Check Point Announces General Availability for CloudGuard SaaS
Part of Check Point’s CloudGuard portfolio of cloud security products, CloudGuard SaaS protects enterprises that use SaaS applications and cloud-based email (including Office 365, GSuite and OneDrive), and prevents targeted attacks intended to steal sensitive data.
http://bit.ly/2AAv3dY
Malware Companies are Finding New Ways to Spy on iPhones
Earlier this year, Russian cybersecurity firm Kaspersky Lab found evidence that a small government spyware maker called Negg developed a “custom iOS malware that allows GPS tracking and performs audio surveillance activity,” according to a private report the company sent to subscribers. The discovery of Negg’s iOS malware has never been reported outside of Kaspersky.
http://bit.ly/2zs6ccv
I’ve got a bridge to sell you: Why AutoCAD malware keeps chugging on
Criminal hackers continue to exploit a feature in Autodesk’s widely used AutoCAD program in an attempt to steal valuable computer-assisted designs for bridges, factory buildings, and other projects, researchers said Tuesday.
http://bit.ly/2Q36q4r
Thursday 11/29
Kaspersky Security Bulletin 2018. Story of the year: miners
Still on the topic of botnets, it is impossible not to mention that in Q3 2018 we registered a decline in the number of DDoS attacks, the most likely reason being, according to our experts, the “reprofiling” of botnets from DDoS attacks to cryptocurrency mining.
http://bit.ly/2TXd9ek
Splunk Announces Integrations With New Amazon Web Services Security Hub
Splunk’s support for AWS Security Hub allows customers to take an analytics-driven approach to security, and to scale their security operations through automation and orchestration capabilities.
http://bit.ly/2Q3ViE8
Citrix Ranked as a Leader in Unified Endpoint Management Solutions
Designed to assess the current state of the market for unified endpoint management solutions, the report evaluated 12 providers using 28 criteria within the categories of current offering, strategy and market presence.
http://bit.ly/2E2QuZv
Dunkin’ Donuts warns customers of data breach
"Although Dunkin' did not experience a data security breach involving its internal systems, we've been informed that third-parties obtained usernames and passwords through other companies' security breaches and used this information to log into some Dunkin' DD Perks accounts," said the company in a statement.
https://abc13.co/2P8oIfi
Friday 11/30
Atrium Health data breach exposed 2.65 million patient records
Between September 22 and September 29, an unauthorized threat actor was able to gain access to databases containing the records, which included names, home addresses, dates of birth, insurance policy information, service dates, medical record numbers, and account balances. In addition, roughly 700,000 Social Security numbers were exposed.
https://zd.net/2RoXcvS
Marriott reveals data breach of 500 million Starwood guests
For 327 million people, Marriott says the guests' exposed information includes their names, phone numbers, email addresses, passport numbers, date of birth and arrival and departure information. For millions of others, their credit card numbers and card expiration dates were potentially compromised.
https://cnn.it/2QulHul
Sophisticated malware could target your smart home in 2019
As for the smart home, the often wobbly security associated with the many internet-connected gadgets therein is always a worry, and McAfee believes that these will be a focus for attacks in 2019.
http://bit.ly/2P5DeEx
KingMiner malware hijacks the full power of Windows Server CPUs
KingMiner generally targets IIS/SQL Microsoft Servers using brute-force attacks in order to gain the credentials necessary to compromise a server. Once access is granted, a .sct Windows Scriptlet file is downloaded and executed on the victim's machine.
https://zd.net/2SgG5fI