Cyber Security

Mimecast Buys MessageControl


Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2020-14310
PUBLISHED: 2020-07-31

There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX – 1 length in bytes but it doesn’t verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma…

CVE-2020-14311
PUBLISHED: 2020-07-31

There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.

CVE-2020-5413
PUBLISHED: 2020-07-31

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali…

CVE-2020-5414
PUBLISHED: 2020-07-31

VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a…

CVE-2019-11286
PUBLISHED: 2020-07-31

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the …

Source: https://www.darkreading.com/application-security/mimecast-buys-messagecontrol/d/d-id/1338504?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cyber Security

Signs that confirm that an Android Smart phone is hacked


As the use of Android-based smartphones increases, studies suggest that these gadgets are becoming favorite targets for hackers and cyber criminals. For those who are not familiar with ‘smartphone hacking’, here is the gist: a smartphone hack means the presence of malicious apps or software, such as malware, spyware or programs that can steal sensitive data like banking credentials, cryptocurrency from wallets, photos, videos and other sensitive files from a smartphone.

Here are the signs that confirm that an Android smartphone is hacked:

If your phone is being bombarded with ads from unknown sources, it means that the phone has some malware infection loaded onto it.

If unknown apps are being installed without your knowledge, it clearly indicates that some malicious activity is taking place in the background.

Another sign that your mobile is hacked is that apps disappear as soon as they are downloaded.

Another big sign that a smartphone is hacked is when its battery drains suddenly, especially when it shows 100% while charging and then shows only 10% after 2-3 hours of battery recharge.

Sometimes, in rare cases, your phone’s call list shows missed calls or unknown international calls, and this clearly indicates that your phone is hacked.

A sudden increase in mobile data consumption also indicates that your phone is infected by malevolent apps.

A drop in the phone’s performance, resulting in app freezes and longer upload times, also indicates a malware infection on the smartphone.

What to do with your phone at this stage?

Just download a mobile security application and see that it keeps your device secure from then on by regularly scanning for cyber threats and neutralizing them. Going for premium anti-malware software makes complete sense, as it can help in detecting mobile ransomware and cryptomining software as well.

Source: https://www.cybersecurity-insiders.com/signs-that-confirm-that-an-android-smart-phone-is-hacked/?utm_source=rss&utm_medium=rss&utm_campaign=signs-that-confirm-that-an-android-smart-phone-is-hacked


Cyber Security

Over 5.5m files or 343GB data leaked from Amazon Web Services AWS


Security researchers working for vpnMentor have discovered that a storage bucket on the AWS cloud was open for quite some time, putting 5.5 million files or 343GB worth of data at risk, as it was accessible to hackers.

According to the research team led by Noam Rotem and Ran Locar, the AWS S3 bucket belonged to InMotionNow, a software company based in North Carolina that provides project management services.

Cybersecurity Insiders has learned that the data belonged to companies that stored their marketing material on the unsecured AWS S3 bucket, and that it includes:

  • Training videos and some text files related to ISC2.org.

  • Client details related to the insurance company Brotherhood Mutual.

  • Some training material meant for students pursuing courses at the universities of Kent State in Ohio and Purdue in Indiana, along with a list of donors.

  • Sensitive details related to Potawatomi Hotel & Casino in Milwaukee, Wisconsin.

  • Material related to product design and accessories for an electronics company called Zagg.

  • Information related to Freedom Forum Institute, a non-profit organization based in the United States.

  • Sensitive details related to Myriad Genetics and Performance Health.

Note 1: vpnMentor tried to reach InMotionNow to report the issue, but the company failed to acknowledge the incident. It did, however, take all measures to make data access on the S3 bucket private thereafter.

Note 2: InMotionNow is a SaaS solutions provider that lets companies manage their marketing and creative workflow efficiently and swiftly. It offers applications for task and milestone management, project requisites, resource assignment and tracking online reviews, which greatly ease the administrative tasks of marketing and sales teams.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

Source: https://www.cybersecurity-insiders.com/over-5-5m-files-or-343gb-data-leaked-from-amazon-web-services-aws/?utm_source=rss&utm_medium=rss&utm_campaign=over-5-5m-files-or-343gb-data-leaked-from-amazon-web-services-aws


Cyber Security

Combat mobile phishing attacks targeting Financial Services with AI


[ This article was originally published here ]

Phishing attacks are a common attack vector for financial services organizations. Effective and simple to launch, phishing attacks challenge financial firms to protect their mobile workforce and harden their customer-facing apps.
Mobile phishing, in particular, bypasses traditional perimeter defenses such as secure email gateways by targeting users via personal email, SMS and social messaging apps. These attacks typically seek to exploit human trust by using social context within messages on social networks.
For example, the natural instinct for safety and survival would lead most anyone to click on a message about a friend or loved one who has been affected by COVID-19. With access to an app, an attacker could check balances, transfer money, and siphon away all the funds in an account… then disappear. Once a cyberattacker infects an employee’s mobile device, they can use it and the user’s credentials to access a corporate network…

Posted by: Mike Banic

Source: https://www.cybersecurity-insiders.com/combat-mobile-phishing-attacks-targeting-financial-services-with-ai/?utm_source=rss&utm_medium=rss&utm_campaign=combat-mobile-phishing-attacks-targeting-financial-services-with-ai
