National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

The National Computer Security Incident Response Team envisages increasing electronic security by enhancing the protection of the cyberspace of the National Critical Information Infrastructures, banks and communication providers of the Republic of Cyprus.

15 January 2020

This month, Microsoft wasn’t able to prevent information about these updates from leaking as it usually can. Information about one particular flaw, CVE-2020-0601, the “Windows CryptoAPI Spoofing Vulnerability,” was leaked as early as Friday.

15 January 2020

Description

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Please refer to:

15 January 2020

Intel patched six security vulnerabilities during the January 2020 Patch Tuesday, including a high severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux.

14 January 2020

The Nemty Ransomware has outlined plans to create a blog that will be used to publish stolen data for ransomware victims who refuse to pay the ransom.

13 January 2020

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.

13 January 2020

Ransom.Sodinokibi is Malwarebytes’ detection name for a family of Ransomware that targets Windows systems. Ransom.Sodinokibi encrypts important files and asks for a ransom to decrypt them.

13 January 2020

It’s now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.

10 January 2020

The attackers behind the Sodinokibi Ransomware are applying pressure on Travelex to pay a multi-million dollar ransom by stating they will release or sell stolen data that allegedly contains customers’ personal information.

10 January 2020

Security researchers found several vulnerabilities within TikTok’s infrastructure that made it possible for potential attackers to hijack accounts to manipulate users’ videos and steal their personal information.

TikTok is a social media platform owned by Beijing-based ByteDance, with offices around the world, servers based in the countries where its iOS and Android apps operate, and it is used for sharing short-form looping mobile videos of 3 to 60 seconds.

The platform’s Android app currently has over 500,000,000 installs according to Google Play Store stats and has crossed the 1.5 billion installs mark on all mobile platforms during November 2019 according to Sensor Tower Store Intelligence estimates.

TikTok’s applications and its backend were vulnerable to attacks as Check Point researchers state in a report shared with Bleeping Computer earlier this week.

The security issues were disclosed to ByteDance during late November, with the company fixing the vulnerabilities within one month.

“Data is pervasive but data breaches are becoming an epidemic, and our latest research shows that the most popular apps are still at risk,” Check Point’s Head of Product Vulnerability Research Oded Vanunu said.

“Social media applications are highly targeted for vulnerabilities as they provide a good source for private data and offer a good attack surface gate.”

TikTok’s vulnerable SMS system

TikTok’s SMS system allowed the Check Point research team to manipulate account data by adding and deleting videos, to demonstrate privacy encroachment issues by changing video privacy settings from private to public, and to exfiltrate personal user data including full name, email address, and birthday.

As shown by Check Point Research, attackers could have exploited these vulnerabilities via TikTok’s SMS system to:

• Upload unauthorized videos and delete users’ videos
• Move users’ videos from private to public
• Steal sensitive personal data

To be able to perform these malicious actions, hackers could send app download links to any user’s phone number via text messages by impersonating TikTok, which allowed them to inject and execute malicious code.

Additionally, attackers could redirect TikTok users onto a web server they controlled using the same tactic, thus making it possible for the hackers to send unwanted requests on behalf of their victims.

Potential attackers could have used “the same technique to redirect a victim to a malicious website under the guise of tiktok.com,” Check Point Research also found.

“The redirection opens the possibility of accomplishing Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and Sensitive Data Exposure attacks without user consent.”

TikTok Security Team’s Luke Deshotels said that “TikTok is committed to protecting user data. Like many organizations, we encourage responsible security researchers to privately disclose zero day vulnerabilities to us.

10 January 2020

If you are using Firefox as your web browsing software on your Windows, Linux, or Mac systems you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla’s website.

05 January 2020

ZURICH (Reuters) – Austria suspects a foreign country is behind a serious cyberattack on information systems at its Foreign Ministry that continued on Sunday, the ministry said.

“Given the type and seriousness of the attack we assume this probably concerns a state actor and not criminals,” a ministry spokesman said.

He declined to give technical details about the assault or speculate on who might be behind it. “Experts have informed us that these things can last several days,” he added.

The Austrian government reported the attack late on Saturday, noting other European countries have also been targeted for similar attacks in the past. The attack came on the same day the environmentalist Greens party backed forming a coalition government with Sebastian Kurz’s conservatives. The ministry said “countermeasures” were in place while an inter-agency task force reviewed the situation. Services such as travel information were still available on its website.

Source: https://www.reuters.com/article/us-austria-cyber/austria-suspects-foreign-state-behind-cyberattack-on-ministry-idUSKBN1Z408F
