Microsoft March Patch Tuesday comes with fixes for two Windows zero-days

Microsoft rolled out today its monthly batch of security patches known as Patch Tuesday. This month, the Redmond-based company fixed 64 vulnerabilities, 17 of which were rated critical, including two zero-days affecting in its main product, the Windows operating system. First Windows zero-day The first of these zero-days is […] …

Google Chrome zero-day used in the wild to collect user data via PDF files

Google A security firm said this week that it discovered malicious PDF documents exploiting a Google Chrome browser zero-day. The vulnerability allowed attackers to collect data from users who opened PDF files inside Chrome’s built-in PDF viewer. Exploit detection service EdgeSpot, the company that found these malicious files, […] Click …

Adobe sends out second fix for critical Reader data leak vulnerability

Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089 , was patched in Adobe’s February 12 patch release . Buried among 42 other critical bugs, the […] Click here to view original web page at www.zdnet.com

POS firm says hackers planted malware on customer networks

North Country Business Products (NCBP), a Minnesota-based provider of point-of-sale (POS) products, announced a security breach last week. The company said hackers compromised its IT system and later planted POS malware on the network of some of its customers. The breach occurred on January 3, 2019, according to NCBP. […] …

NoRelationship phishing attack dances around Microsoft Office 365 email filters

Researchers have described a new phishing attack which is able to bypass Microsoft malicious file filters. On Tuesday, cybersecurity firm Avanan said the attack, dubbed NoRelationship , uses a link parsing weakness in email scanning products to hide malicious links. […] Click here to view original web page at www.zdnet.com

Rietspoof malware spreads via Facebook Messenger and Skype spam

This device is unable to play the requested video. Avast security researchers have discovered a new malware strain named Rietspoof that’s currently being spread to victims via instant messaging clients such as Facebook Messenger and Skype. In a report published over the weekend, researchers described this new threat as […] …

Dunkin’ Donuts accounts compromised in second credential stuffing attack in three months

Dunkin’ Donuts announced today that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts. This marks the second time in three months that the coffee shop chain notifies users of account breaches following credential stuffing attacks. Credentials stuffing is a cyber-security […] …

Micropatch released for Adobe Reader zero-day vulnerability

This device is unable to play the requested video. A micropatch has been made available to resolve a zero-day vulnerability impacting Adobe Reader which could lead to the theft of hashed password values. The vulnerability was originally disclosed by Alex Inführ on 26 January and proof-of-concept (PoC) code has […] …