Network Security News | Ingalls Information Security

Articles of interest from the week of August 19, 2024

Written by John Frasier | Aug 22, 2024 3:28:24 PM

Critical Security Lapse: National Public Data Published Its Own Passwords, Putting Millions at Risk

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker that shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until Monday. (KrebsOnSecurity)

 

“Let us, for the moment, suspend the commentary and get to the important part: Prioritize freezing your credit with Equifax, Experian, and TransUnion as soon as possible.

Not only can it be done in a relatively short time with little effort on your part (seriously, just follow the links above), unfreezing when you actually need it likewise can be a quick process; when completed online or by phone, your request will be fulfilled within one hour of confirmation.

Additionally, you can also freeze your National Consumer Telecom & Utilities Exchange and ChexSystems reports, which will provide an additional layer of protection related to things like utilities and financial accounts not normally tied with the credit bureaus. These are often overlooked but can be invaluable safeguards.”

Jessica Owens, Senior SOC Analyst at Ingalls Information Security

 

 

Zero-Click Windows TCP/IP RCE Impacts All Systems With IPv6 Enabled, Patch Now

Microsoft warned customers recently to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. (BleepingComputer)

 

Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities

Intel and AMD have each informed customers about dozens of vulnerabilities found and patched in their products. Intel has published 43 new advisories that cover a total of roughly 70 security holes. Nine advisories describe high-severity vulnerabilities. (SecurityWeek)

 

UN Approves Cybercrime Treaty Despite Major Tech, Privacy Concerns

A United Nations committee has advanced the final draft of a treaty intended to combat cross-border cybercriminal organizations, but opponents warn that it contains few safeguards for human rights and could be used by repressive governments to prosecute journalists, cybersecurity researchers, and protesters. (Dark Reading)

 

Microsoft Warns of OpenVPN Vulnerabilities, Potential for Exploit Chains

Software giant Microsoft used the spotlight of the Black Hat security conference to document multiple vulnerabilities in OpenVPN and warned that skilled hackers could create exploit chains for remote code execution attacks. (SecurityWeek)

 

How Phishing Attacks Adapt Quickly to Capitalize on Current Events

Phishing is surging. See why and how it’s exploiting current events, like CrowdStrike's BSOD and the Olympics. (The Hacker News)

 

New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous

A team of researchers from the Graz University of Technology in Austria has published a paper on SLUBStick, a new Linux kernel exploitation technique that can make heap vulnerabilities more dangerous. (SecurityWeek)

 

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. (The Hacker News)

 

'0.0.0.0 Day' Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

Attackers can use a flaw that exploits the 0.0.0.0 IP address to remotely execute code on various Web browsers — Chrome, Safari, Firefox, and others — putting users at risk for data theft, malware, and other malicious activity. (Dark Reading)

 

Channel File 291 Incident: Root Cause Analysis is Available

Read the findings, mitigations, and technical details of the Channel File 291 incident. (CrowdStrike Blog)