Security News

• Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users
  Domain registrar bungle takes down the website of one of the world's largest companies.
  
• ​Red Belly Blockchain shows scale with global trial on AWS cloud
  CSIRO's Data61 and the University of Sydney say the first international trial of its Red Belly Blockchain has shown increased speed and energy efficiencies at a global scale.
  
• SHEIN fashion retailer announces breach affecting 6.42 million users
  Hack took place somewhere in June, but the company only discovered the breach in late August.
  
• Expandable ads are hacker's new backdoor into commercial websites
  Researcher finds XSS vulnerabilities in iframe busters, scripts that power expandable ads that grow and cover a large area of the page.
  
• Microsoft to bring multi-user virtualization to Windows and Office with Windows Virtual Desktop service
  Microsoft's new Windows Virtual Desktop service will allow enterprise subscription customers to run Windows, Office and third-party apps in Azure virtual machines.
  
• US ISP RCN stores customer passwords in cleartext
  Company is investigating the issue with customer support representatives having access to users' passwords in cleartext.
  
• It's not about devices for Amazon and Alexa, it's about attention
  The new devices got all the attention at last week's event, but Amazon is more interested in getting your attention.
  
• Google Clips: An exclusive look at the smart camera's latest improvements
  Google has continued to quietly update its smart camera, with the latest update set for release this week.
  
• Apple MacOS Mojave zero-day privacy bypass vulnerability revealed
  The latest update of the Mac operating system is expected to hit today -- potentially alongside a zero-day bug which circumvents OS privacy controls.
  
• Microsoft starts rolling out Office 2019 for Windows and Mac
  Microsoft is starting to roll out Office 2019, its on-premises Office suite for Windows and Mac, and will be delivering the Office 2019 servers within the coming weeks.
  

• Cybercriminals Target Kodi Media Player for Malware Distribution
  A recent cryptomining campaign shows criminal ingenuity.
  
• Adwind RAT Scurries By AV Software With New DDE Variant
  The spam campaign mostly targets victims in Turkey and Germany.
  
• Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
  Chrome users are now automatically signed into the browser if they're signed into any other Google service, such as Gmail.
  
• Assessing the Human Element in Cyber Risk Analysis
  The human factor doesn't have to be an intangible when assessing cyber risks within a company.
  
• Tricky DoS Attack Crashes Mozilla Firefox
  There are currently no mitigations for the Firefox attack, a researcher told Threatpost.
  
• Podcast: Two Billion IoT Devices Still Vulnerable to BlueBorne Bug
  Up to two billion devices are still vulnerable to the BlueBorne IoT attack - and may not ever get a patch.
  
• Critical Vulnerability Found in Cisco Video Surveillance Manager
  Cisco has patched vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.
  
• Twitter Flaw Exposed Direct Messages To External Developers
  The company said it has issued a patch for the issue, which has been ongoing since May 2017.
  
• Delphi Packer Looks for Human Behavior Before Deploying Payload
  Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.
  
• Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution
  Microsoft said that it's working on a fix for a zero-day flaw in its JET Database Engine.