From cnbc.com
Prosecutors in Brooklyn, New York, said in November that a Lithuanian man and an unknown co-conspirator emptied the brokerage accounts of hapless victims, stealing hundreds of thousands of dollars. The losses would have been worse, but for a handful of investors who made some seemingly simple but savvy moves to stop the fraud from happening.
From nakedsecurity.sophos.com
December 2019’s Patch Tuesday updates are out, and for the most part, it’s the usual undemanding Christmas load for admins to browse through.
All told, there are 36 CVE-level vulnerabilities, seven of which are marked ‘critical’, 27 important, and one each for low and moderate.
Predictably, the critical flaws are all remote code execution (RCE) flaws, five relating to Git for Visual Studio, one in Hyper-V, and one in the Win32k Graphics subsystem.
From nakedsecurity.sophos.com
On Tuesday, as expected, Apple released iOS 13.3, iPadOS 13.3, tvOS 13.3, and watchOS 6.1.1 to the public, bringing bug fixes and performance improvements, as well as one big new security improvement: support in its Safari browser for two-factor authentication (2FA) hardware tokens such as Yubico’s Yubikey.
From zdnet.com
WhatsApp has announced a clampdown on the abuse of business features for bulk messaging with the enforcement of legal action.
The messaging application is popular with consumers with an estimated 300 million active daily users. The massive user base gave rise to a business opportunity for the Facebook-owned company, leading to the development of the WhatsApp Business app and the WhatsApp Business API.
From hotforsecurity.bitdefender.com
Microsoft says it doesn’t plan to provide security updates for the Microsoft Security Essentials component integrated into Windows 7 after the operating system reaches its end of life in a little over five weeks.
The life of Windows 7 is set to end on January 14th, 2020, and security updates for the operating system will cease to arrive. Microsoft Security Essentials is the antivirus component implemented by default on Windows 7, but that tool will be abandoned along with everything else.
From labs.k7computing.com
Taking the fileless route was unheard of with Mac malware. Until now, that is! This blog describes a brand new fileless tactic pioneered by the infamous Lazarus cybercriminal group which should set the alarm bells ringing about the continuous and evolving threats in the Mac world.
From meterpreter.org
For WireGuard, news has been flowing for the past few weeks, as rumors have it that this secure VPN tunnel will soon be merged into the Linux kernel mainline and will be supported on all other mainstream platforms. It turns out that WireGuard is likely to appear in the Linux 5.5 kernel without having to wait for Linux 5.6.