Google Chrome zero-day used in the wild to collect user data via PDF files

Google A security firm said this week that it discovered malicious PDF documents exploiting a Google Chrome browser zero-day. The vulnerability allowed attackers to collect data from users who opened PDF files inside Chrome’s built-in PDF viewer. Exploit detection service EdgeSpot, the company that found these malicious files, […] …

Adobe sends out second fix for critical Reader data leak vulnerability

Adobe has released a second patch to resolve a critical zero-day vulnerability in Adobe Reader after its original fix failed. The vulnerability, CVE-2019-7089 , was patched in Adobe’s February 12 patch release . Buried among 42 other critical bugs, the […] here to view original web page at www.zdnet.com

POS firm says hackers planted malware on customer networks

North Country

 

Products (NCBP), a Minnesota-based provider of point-of-sale (POS) products, announced a security breach last week. The company said hackers compromised its IT system and later planted POS malware on the network of some of its customers. The breach occurred on January 3, 2019, according to NCBP. […] …

NoRelationship phishing attack dances around Microsoft Office 365 email filters

Researchers have described a new phishing attack which is able to pass Microsoft malicious file filters. On Tuesday, cybersecurity firm Avanan said the attack, dubbed NoRelationship , uses a link parsing weakness in email scanning products to hide malicious links. […] here to view original web page at www.zdnet.com

Rietspoof malware spreads via Facebook Messenger and Skype spam

This device is unable to play the requested video. Avast security researchers have discovered a new malware strain named Rietspoof that’s currently being spread to victims via instant messaging clients such as Facebook Messenger and Skype. In a report published over the weekend, researchers described this new threat as […] …

Dunkin’ Donuts accounts compromised in second credential stuffing attack in three months

Dunkin’ Donuts announced today that it was the victim of a credential stuffing attack during which hackers gained access to customer accounts. This marks the second time in three months that the coffee shop chain notifies users of account breaches following credential stuffing attacks. Credentials stuffing is a cyber-security […] …

Micropatch released for Adobe Reader zero-day vulnerability

This device is unable to play the requested video. A micropatch has been made available to resolve a zero-day vulnerability impacting Adobe Reader which could lead to the theft of hashed password values. The vulnerability was originally disclosed Alex Inführ on 26 January and proof-of-concept (PoC) code has […] …

New Windows 10 Cumulative Update now available (changelog)

It’s Patch Tuesday and Microsoft is pushing out a new Cumulative Update to Windows 10 users, taking the OS to build 17763.316. Like all Cumulative Updates, the new build brings fixes but no new features, with the improvements including: Addresses an issue that fails to set the LmCompatibilityLevel value […] …

iCloud for Windows 1809 October 2018 Update

If you try to install iCloud for Windows on the latest update for Windows 10 1809, you may be greeted with this error: How do you fix this? Open Registry Editor: Win+R | regedit Navigate to the registry path: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion Temporarily modify these 3 registry keys: CurrentBuild set value …