A near-future look at what office life may become, according to changes make at the offices of property company Cushman-Wakefield. When you return to the office everything will look very different, and that’s just the beginning of a set of changes to how and why we work in offices.
How many vulnerabilities lurk inside the open source libraries that today’s developers happily borrow to build their applications? This is where a majority of software vulnerabilities come from in the development process.
Apple’s current round of updates have been officially announced in the company’s latest Security Advisory emails.
If you’ve purchased life insurance, you may have decided on a policy with the help of their technology. Compulife and NAAIP are direct competitors in a niche industry: they both generate life insurance quotes for brokers who sell insurance. And court documents reviewed by SecureWorld News reveal that one of the companies hired a hacker to get inside information and propriety code used by its competitor. Judge James Randal Hall, of the Eleventh Circuit U.S. Court of Appeals, explains in his recent decision: “There’s nothing easy about this case. The facts are complicated, and the governing law is tangled. At its essence, it’s a case about high-tech corporate espionage… Read more
Windows 10 release 2004 is out, with a slew of new features, including several updates to its security and privacy.
Original release date: May 28, 2020
The National Security Agency (NSA) has released a cybersecurity advisory on Russian advanced persistent threat (APT) group Sandworm exploiting a vulnerability—CVE-2019-10149—in Exim Mail Transfer Agent (MTA) software. An unauthenticated remote attacker can use this vulnerability to send a specially crafted email to execute commands with root privileges, allowing the attacker to install programs, modify data, and create new accounts.
Although Exim released a security update for the MTA vulnerability in June 2019, Sandworm cyber actors have been exploiting this vulnerability in unpatched Exim servers since at least August 2019 according NSA’s advisory, which provides indicators of compromise and mitigations to detect and block exploit attempts.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to upgrade to the latest version of Exim and review NSA’s Advisory: Exim Mail Transfer Agent Actively Exploited by Russian GRU Cyber Actors and Exim’s page on CVE-2019-10149 for more information.
Some 7,600 dark-web sites were obliterated in an attack on the most popular provider of .onion free hosting services, Daniel’s Hosting.
An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities. Read more…
For much more on this investigation, check out OCCRP’s multi-part series, How a Crew of Romanian Criminals Conquered the World of ATM Skimming.