News – Page 749

Adobe Patches 14 Vulnerabilities in Acrobat Products

Posted on 4 November 2020

From securityweek.com

Adobe on Tuesday informed customers that it has patched over a dozen vulnerabilities in its Acrobat products, including critical flaws that can be exploited for arbitrary code execution.

The company says it has fixed a total of 14 security holes in the Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat Reader 2020, Acrobat 2017, and Acrobat Reader 2017.

Three of the flaws have been rated critical severity. They are caused by use-after-free, heap-based buffer overflow, and out-of-bounds write bugs, and they can be exploited for arbitrary code execution in the context of the targeted user.

Six of the vulnerabilities are important. They have been described as improper access control, improper input validation, signature verification bypass, security feature bypass, and race condition. They can be exploited for local privilege escalation, information disclosure, DLL injection, and JavaScript code execution.

Creating and Deploying PKI Certificates in Bulk

Posted on 4 November 2020

From appviewx.com

Digital certificates are the gatekeepers for modern e-commerce and all secure communications. But what are they? Where do they come from? How do you manage the process of issuing, distributing, and maintaining certificates, especially when you have lots of servers, and only a limited amount of time to configure them? Let’s answer these questions, one at a time.

5 Reasons Why Mobile Application Security Fails

Posted on 4 November 2020

From securityboulevard.com

Traditionally, large organizations and the enterprise have been the focus for hackers and malicious attacks, but in recent years, the rise of sophisticated hacking tools and leaked databases on the dark web, in conjunction with the proliferation of mobile devices and the wealth of sensitive data stored on those devices, have made mobile devices an easier and equally fruitful target. The rise of remote working and BYOD has also made individual devices a potential ‘route into’ a larger organization.

Storing information on devices and the use of insecure, unsanctioned apps—which may not be compliant, could violate privacy or be prone to hacking or leaking—has become more prevalent. As a result, mobile application security is at the top of many businesses’ risk list. Almost all employees now regularly access corporate data from their smartphones; that means keeping sensitive information out of the wrong hands remains a complex issue for many businesses. The cost of not securing sensitive data remains high, with the average cost of a corporate data breach standing at an eye-watering $3.92 million.

Vpsh ransomware is a type of malware that encrypts personal files and demands money

Posted on 4 November 2020

From 2-spyware.com

Vpsh ransomware – a computer infection that encrypts^[1] all personal files with a .vpsh extension, restricting access to them. Malware then drops a ransom note _readme.txt, which claims that the only way to securely return data is by paying a ransom of $980/$490 – it should be delivered using bitcoin digital currency. In the note, threat actors provide contact emails – helpmanager@mail.ch and restoremanager@airmail.cc.

Someone just emptied out a $1 billion BitCoin wallet

Posted on 4 November 2020

From bleepingcomputer.com

A password-protected BitCoin wallet with almost $1 billion in cryptocurrency has just been emptied out.

Mystery surrounds this suspicious transaction and the party who finally managed to cash out the big fat amount.

Protecting iMessage Communications

Posted on 4 November 2020

From blog.elcomsoft.com

How secure are your chats in your favorite instant messenger? Can someone intercept and read your secret conversations, and can you do something about it? Apple users have access to the highly popular instant messaging system, the iMessage. But how secure it really is? Let’s find out.

When it comes to instant messaging, there are generally three ways to gain access to your chats:

Intercept messages in transit
Obtain conversation backups from a cloud
Extract messages from the endpoints (devices)

GWTMap: map the attack surface of Google Web Toolkit based applications

Posted on 4 November 2020

From securityonline.info

GWTMap is a tool to help map the attack surface of Google Web Toolkit (GWT) based applications. The purpose of this tool is to facilitate the extraction of any service method endpoints buried within a modern GWT application’s obfuscated client-side code and attempt to generate example GWT-RPC requests payloads to interact with them.