Entries by Tomas Foltyn

Microsoft warns of new BlueKeep‑like flaws

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10

Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and […]

Facebook hits two app developers with lawsuit

The legal action, brought over alleged click injection fraud, is said to be among the first of its kind

Facebook announced this week that it is suing two Asia-based Android app developers over alleged ad fraud. The social network alleges that LionMobi, based in Hong Kong, and JediMobi, based in Singapore, made apps available on […]

FBI warns of romance scams using online daters as money mules

Up to 30 percent of romance fraud victims in 2018 are estimated to have been used as money mules

Scammers are using dating sites and apps not only to scout for lovesick men and women before bilking them out of money, but also to recruit ‘money mules’ for laundering funds obtained in illicit activities. According […]

South African power company battles ransomware attack

The power utility appears to be well on track to a swift recovery following an attack that ultimately left some people without electricity

City Power, one of the companies that supplies electricity to South Africa’s biggest city Johannesburg, is grappling with a ransomware attack that left some residents without power, according to Reuters. The unspecified […]

Streaming service withstands 13‑day DDoS siege

The attack, unleashed by a 400,000-strong Mirai-style botnet, may be the largest of its kind on record

A botnet made up of 402,000 enslaved Internet-of-Things (IoT) devices has staged a 13-day distributed denial-of-service (DDoS) attack against an undisclosed streaming service, according to a blog post by cybersecurity firm Imperva. The company said it successfully counteracted […]

Data breaches can haunt firms for years

The compromised company may bear the financial brunt of the breach within the first year after the incident occurs, but the price tag is still far from final

The average cost of a data breach has risen 12% over the past five years to US$3.92 million globally, according to IBM’s 2019 Cost of a Data Breach study, which […]

VLC player has a critical flaw – and there’s no patch yet

On the flip side, there are currently no known cases of the vulnerability being exploited in the wild

Germany’s national Computer Emergency Response Team (CERT-Bund) has issued a security advisory to alert users of VLC media player of a severe vulnerability affecting this extremely popular open-source software. “A remote, anonymous attacker can exploit the vulnerability […]

BlueKeep patching isn’t progressing fast enough

Keeping up with BlueKeep; or how many internet-facing systems, and in which countries and industries, remain ripe for exploitation?

As of early July, more than 805,000 internet-facing systems remained susceptible to the BlueKeep security vulnerability, the news of which spooked the internet two months ago and prompted a flurry of alerts urging users and organizations […]

How your Instagram account could have been hijacked

A researcher found that it was possible to subvert the platform’s password recovery mechanism and take control of user accounts

An independent researcher has found a security loophole in Instagram’s mobile password recovery flow that could have allowed attackers to break into user accounts. The flaw, discovered and reported by India-based researcher Laxman Muthiyah, has since […]

Week in security with Tony Anscombe

ESET researchers describe the ins and outs of a zero-day exploit that has been used for a highly targeted attack and reveal the name of the threat actor that deployed it

In a pair of articles this week, ESET researchers describe the ins and outs of a zero-day exploit that has been used for a […]