Search Results for “Krebs on Security”

September 11, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Microsoft Issues Around Eighty Security Updates to Windows and Related Software, Almost a Quarter Rated Critical, Adobe Plugs Two Holes in Flash Player

Microsoft issued around 80 security updates to fix flaws across its Windows operating systems and related software, with almost a quarter of the fixes rated critical. Two of the flaws, CVE-2019-1214 and CVE-2019-1215, are privilege escalation vulnerabilities that have been exploited in the wild and four are critical fixes for Microsoft’s Remote Desktop Protocol (RDP) feature. Adobe fixed two critical bugs in its Flash Player browser plugin, which is bundled in Microsoft’s IE/Edge and Chrome although it is now disabled by default in Chrome.

Related: Zero Day Initiative – Blog, Appuals.com, WCCFtech, ZDNet Security, The Register – Security, SC Magazine, SecurityWeek, The Hacker News, Dark Reading, BleepingComputer.comQualys Blog, Cyber Security Review, Glock Takes StockSC Magazine, BleepingComputer.comThe Hacker News, CyberSecurity Help s.r.o.US-CERT Current Activity, Threatpost, TechNet Blogs, Security Affairs, Microsoft Security Response Center, Security Affairs, GBHackers On Security, Rapid7, Dark Reading: Vulnerabilities / Threats,  The State of Security,Appuals.com, SC Magazine, Threatpost, Tenable Blog, US-CERT Current Activity, US-CERT Current Activity, Threatpost

Zero Day Initiative – Blog: The September 2019 Security Update Review
Appuals.com: Install KB4515384 to Fix CPU Throttling Issue In Windows 10 version 1903 [Direct Download Links]
WCCFtech: September Patch Tuesday Updates Out for Several Windows 10 Versions (Update Also Live for W10 Mobile)
ZDNet Security: Microsoft patches two zero-days in massive September 2019 Patch Tuesday
The Register – Security: It’s 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server…
SC Magazine: Flash Player patches headline Adobe Patch Tuesday releases | SC Media
SecurityWeek: Microsoft Patches Two Privilege Escalation Flaws Exploited in Attacks
The Hacker News: Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
Dark Reading: Two Zero-Days Fixed in Microsoft Patch Rollout
BleepingComputer.com: Microsoft’s September 2019 Patch Tuesday Fixes 79 Vulnerabilities
Qualys Blog: September Patch Tuesday – 79 Vulns, 17 Critical, Remote Desktop Client, SharePoint, Exploited PrivEsc
Cyber Security Review: Microsoft patches two zero-days in massive September 2019 Patch Tuesday
Glock Takes Stock: Patch Tuesday, September 2019 Edition
SC Magazine: Microsoft Patch Tuesday: Two zero days and 17 critical vulnerabilities addressed | SC Media
BleepingComputer.com: Adobe Releases Security Updates for Flash Player and Application Manager
The Hacker News: Adobe Releases Security Patches For Critical Flash Player Vulnerabilities
CyberSecurity Help s.r.o.: Microsoft update for Adobe Flash (September 2019)
US-CERT Current Activity: Microsoft Releases September 2019 Security Updates
Threatpost: Adobe Fixes Critical Flash Player Code Execution Flaws
Security Affairs: Microsoft Patch Tuesday updates for September 2019 fix 2 privilege escalation flaws exploited in attacks
Microsoft Security Response Center: 2019 ? 9 ??????????????? (??)
GBHackers On Security: Microsoft Fixes 79 Vulnerabilities Including Two Active Zero-Days Exploits and 4 Critical RDP Flaws
Rapid7: Patch Tuesday – September 2019
Cyber Security Review: Microsoft patches two zero-days in massive September 2019 Patch Tuesday
Dark Reading: Vulnerabilities / Threats: Two Zero-Days Fixed in Microsoft Patch Rollout
The State of Security: VERT Threat Alert: September 2019 Patch Tuesday Analysis
Appuals.com: Install KB4515384 to Fix CPU Throttling Issue In Windows 10 version 1903 [Direct Download Links]
SC Magazine: Microsoft Patch Tuesday: Two zero days and 17 critical vulnerabilities addressed | SC Media
Threatpost: Microsoft Addresses Two Zero-Days Under Active Attack
Tenable Blog: Microsoft’s September 2019 Patch Tuesday: Tenable Roundup
US-CERT Current Activity: Adobe Releases Security Updates
US-CERT Current Activity: Microsoft Releases September 2019 Security Updates
Threatpost: Adobe Fixes Critical Flash Player Code Execution Flaws

August 27, 2019
Catalin Cimpanu / ZDNet

Catalin Cimpanu / ZDNet  
Cybersecurity Firm Imperva Experienced ‘Security Incident’ Impacting Customers of Cloud Web Application Firewall Formerly Known as Incapsula

Cybersecurity and DDoS mitigation firm Imperva disclosed today an August 20th security incident that impacts a subset of customers of its cloud web application firewall (WAF), formerly known as Incapsula.  Exposed data included customer email addresses, along with hashed and salted passwords, for a subset of customers the company had registered up until September 15, 2017, while for a smaller number of users, API keys and customer-provided SSL certificates were also exposed. Imperva has begun a forensic investigation, is notifying customers and has alerted relevant regulatory agencies.

Related: Threatpost, CRN, SecurityWeek, BleepingComputer.com, Krebs on Security, Glock Takes Stock, Computer Business Review, Imperva Cyber Security Blog, The Hacker News, Cyberscoop, CRN , GBHackers On SecuritySC Magazine, TechNadu, DataBreaches.netHelp Net Security, Infosecurity Magazine

Tweets:@campuscodi @ericgeller @unix_root

Threatpost: Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
CRN: Imperva Breach Exposed API Keys, SSL Certs For Some Firewall Users
SecurityWeek: Imperva Notifies Cloud WAF Customers of Security Incident
BleepingComputer.com: Cybersecurity Firm Suffers Security Breach, Client Info Exposed
Krebs on Security: Cybersecurity Firm Imperva Discloses Breach
Glock Takes Stock: Cybersecurity Firm Imperva Discloses Breach
Computer Business Review: Imperva Hacked: Customer API Keys, SSL Certificates Stolen
Imperva Cyber Security Blog: Imperva Security Update
The Hacker News: Imperva Breach Exposes WAF Customers’ Data, Including SSL Certs, API Keys
Cyberscoop: Imperva says cloud firewall customers’ passwords were exposed
CRN : Imperva discloses data breach affecting some firewall users
GBHackers On Security: Imperva Hacked – Email addresses, API keys & SSL certificates of WAF Customers Exposed
SC Magazine: Breach exposes data belonging to Imperva Cloud WAF customers
TechNadu: Imperva Announces Data Breach that Exposes Cloud WAF Customers
DataBreaches.net : Imperva discloses security incident impacting cloud firewall users
Help Net Security: Imperva discloses security incident affecting Cloud WAF customers
Infosecurity Magazine: Imperva Breach Hits Cloud Customers

@campuscodi: Imperva discloses security incident impacting cloud firewall (formerly Incapsula) users-incident impacts users registered up until Sep 15, 2017 -unclear if incident caused by leaky server or intrusion -unclear if hack happened in '17 & discovered nowhttps://zdnet.com/article/imperva-discloses-security-incident-impacting-cloud-firewall-users/
@ericgeller: Firewall provider Imperva announces data breach affecting customers of its cloud-based web firewall product: https://krebsonsecurity.com/2019/08/cybersecurity-firm-imperva-discloses-breach/Hashed passwords, API keys, and SSL certificates among the compromised material.
@unix_root: Cybersecurity company 'Imperva" suffers a #databreach exposing sensitive data—emails, hashed salted passwords, API keys and SSL certificates—for a subset of its Cloud Web Application Firewall (WAF) customers.https://thehackernews.com/2019/08/imperva-waf-breach.html?utm_source=social_share—by @security_wang

October 15, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Attackers Steal More Than 26 Million Credit and Debit Card Records Worth a Purported $414 Million From BriansClub, A Store for Buying Stolen Payment Card Data

One of the largest underground stores for buying stolen credit card data, BriansClub, has itself been hacked with data stolen for more than 26 million credit and debit card records taken from hacked online and brick-and-mortar retailers over the past four years, including almost eight million records uploaded to the shop in 2019 alone. BriansClub imitates Krebs on Security, including likeness and namesake. All of the card data stolen from BriansClub was shared with multiple sources who work closely with financial institutions to identify and monitor or reissue cards that show up for sale in the cybercrime underground. Cybersecurity firm Flashpoint helped analyze the data from the site.  According to Allison Nixon, Flashpoint’s Director of Research, between August 2015 and August 2019, BriansClub sold roughly 9.1 million stolen credit cards, earning the site $126 million in sales (all sales are in bitcoin). According to the price card listed on the site, hackers stole $414 million worth of stolen credit cards.

August 14, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Microsoft Issues Patches for 93 Vulnerabilities in Windows and Related Software, Adobe Patches 118 Flaws Across Most Products But Not for Flash

Microsoft released patches to fix 93 vulnerabilities in Windows and related software, 35 of which affect various Server versions of Windows, and another 70 that apply to the Windows 10 operating system, including four so-called wormable flaws in Microsoft’s Remote Desktop Service, a feature which allows users to remotely access and administer a Windows computer. Adobe patched 118 vulnerabilities across After Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud, Acrobat and Reader, Experience Manager, and Photoshop products. For the second month in a row, Adobe issued no security updates for its chronically problematic Flash product.

Related: Threatpost, BleepingComputer.com, SecurityWeek, Zero Day Initiative – Blog, TechNet Blogs, Microsoft Security Response Center, US-CERT Current Activity, US-CERT Current Activity,  US-CERT Current Activity, Tenable Blog, Talos Intel, gHacks, Zero Day Initiative – Blog

August 23, 2019
Maggie Miller / The Hill

Maggie Miller / The Hill  
CISA Chief Says How Federal Civilian Agencies Manage Cyber Risks Is ‘Unsustainable,’ Outlines Shift to Shared Services Model

The current model of how federal civilian agencies manage cyber risks, which tasks all federal agencies with taking care of their own cybersecurity risks, is “unsustainable” and will change dramatically in the next five years, with some agencies embracing shared services, Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said in a presentation at Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. There may be a completely different architecture for that protection across the 99 federal civilian agencies CISA is responsible for advising, Krebs said.  He also spelled out other key priorities for the agency including election security and the “persistent threat” posed by China, among other goals, outlined in a strategic intent document the Department released this week.

September 10, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Secret Service Investigates Breach at Government Contractor Involving Possible Access to Email and Databases at More Than Twenty Government Agencies

The U.S. Secret Service is investigating a breach at Virginia-based government technology contractor Miracle Systems that saw criminals in an underground forum promising access to email correspondence and credentials needed to view databases for more than twenty client government agencies and military branches, including the U.S. Department of Transportation, the National Institutes of Health (NIH), and U.S. Citizenship and Immigration Services (USCIS), a component of the U.S. Department of Homeland Security. Miracle Systems acknowledged it had been compromised on three separate occasions between November 2018 and July 2019 by Emotet, a malware strain usually distributed via malware-laced email attachments that typically is used to deploy other malicious software. But the company maintains that the stolen data shown in screenshots on a popular Russian-language cybercrime forum was years-old and mapped only to internal test systems that were never connected to its government agency clients.

August 13, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
SEC Probes Whether First American Financial’s Exposure of Personal, Financial Records of More Than 885 Million People Violates Federal Securities Law

The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003. Ben Shoval, a real estate developer based in Seattle, who helped break the story of First American Financial’s data exposure back in May, said he recently received a letter from the SEC’s enforcement division which stated the agency was investigating the data exposure to determine if First American had violated federal securities laws. New York State financial regulators are also investigating the company in what could turn out to be the first test of the state’s strict new cybersecurity regulation.

August 23, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
More Than Five Million Credit Card Accounts Tied to Hy-Vee Supermarket Chain Point-of-Sale Breach for Sale on Joker’s Stash

More than 5.3 million new accounts belonging to cardholders from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, which operates a chain of more than 245 supermarkets throughout the Midwest, is for sale on one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants. Hy-Vee announced on August 14 a data breach involving payment processing systems that handle transactions at some Hy-Vee fuel pumps, drive-thru coffee shops and restaurants. Sources say the card data stolen from Hy-Vee is now being sold under the code name “Solar Energy,” at the infamous Joker’s Stash carding bazaar for $17 to $35 apiece.

September 4, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Satori Botnet Operator Pleads Guilty to Federal Hacking Charges, Faces Up to 10 Years in Prison

A Vancouver, WA man Kenneth Currin Schuchman pleaded guilty to federal hacking charges tied to his role in operating the “Satori” botnet, a criminally-oriented malware family powered by hacked Internet of Things (IoT) devices built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies. From July 2017 to October 2018, Schuchman, who used the aliases “Nexus” and “Nexus-Zeta,” worked with at least two other unnamed individuals to develop and use Satori in large scale denial of service attacks. Satori was originally based on the leaked source code for Mirai a powerful IoT botnet. Sources say the two co-conspirators used the nicknames “Vamp” and “Drake” and that Vamp, a UK resident, was principally responsible for coding the Satori botnet as well as the main actor behind the massive DDoS attack on Internet management company Dyn, which caused massive Internet outages in 2016. While on supervised release following his arrest, Schuchman created a new botnet variant in August 2018 and identified his former partner Drake’s home address for the purposes of “swatting” him. The maximum penalty for the single criminal count to which Schuchman pleaded guilty, aiding and abetting computer intrusions, is 10 years in prison and fines of up to $250,000.

August 30, 2019
Brian Krebs / Krebs on Security

Brian Krebs / Krebs on Security  
Remote Data Backup Service Used by Dental Offices Across the U.S. Hit by Ransomware Attack

Remote data backup service PerCSoft, used by hundreds of dental offices across the U.S., is struggling to restore access to client systems after falling victim to a ransomware attack. PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various dental offices across the United States. The ransomware attack hit PerCSoft on the morning of Monday, August 26, and encrypted dental records for some but not all of the practices that rely on DDS Safe. Some reports suggest PerCSoft paid the ransom and some reports suggest the decryptor provided by the attacker did not work.