SecurityLab, [01.11.19 15:21]
Google has released fixes for two vulnerabilities in Chrome, including a zero-day vulnerability exploited in real-world attacks.

The issues are fixed in browser version 78.0.3904.87 for Windows, Mac and Linux, and users are strongly advised to install it to avoid possible attacks.
Two vulnerabilities have been fixed in Chrome, including 0-day (https://www.securitylab.ru/news/502247.php)

SecurityLab, [01.11.19 15:41]
The Ministry of economic development of the Russian Federation proposed to abandon foreign equipment and transfer banks and critical infrastructure to Russian software, according to RBC.
Russian authorities have proposed to ban the use of foreign SOFTWARE in CII (https://www.securitylab.ru/news/502249.php)

SecurityLab, [02.11.19 10:51]
The Ministry of internal Affairs of Russia following the meeting of the Board of the Department decided to create new units to combat cybercrime.

The official representative of the Ministry of internal Affairs Irina Volk told RBC.

The Russian interior Ministry decided to create a unit to combat cybercrime (https://www.securitylab.ru/news/502251.php)

SecurityLab, [03.11.19 12:31]
Cyberattacks are among the ten most dangerous threats in the world for which organizations should be prepared within the next decade.

If cybersecurity measures do not keep pace with technological progress, the threat could cost $90 trillion.

WEF has published an IB guide for senior management of organizations (https://www.securitylab.ru/news/502253.php)

SecurityLab, [04.11.19 09:41]
Cybersecurity experts have revealed the first Amateur attempts to exploit the sensational RCE vulnerability in Windows to mine cryptocurrency on vulnerable systems.

We are talking about the vulnerability CVE-2019-0708 (BlueKeep), a patch for which Microsoft released in may this year.

The first attempts of mass exploitation of bluekeep vulnerability in Windows have been recorded (https://www.securitylab.ru/news/502260.php)

https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

SecurityLab, [05.11.19 08:11]
Colorado-based IB company Coalfire has demanded that charges be dropped against its employees accused of illegally entering a courthouse in Iowa.

According to the company’s management, two of its employees were hired for security testing and were just doing their job.

The purpose of the penetration was to check the reliability of the security system, and not malice, said the Director of Coalfire Tom McAndrew (Tom McAndrew).

Security the company stood up for the accused in hacking testers security (https://www.securitylab.ru/news/502273.php)

SecurityLab, [05.11.19 08:41]
Researcher Mohammad Askar (Mohammad Askar) from the company Shell Systems published online the details and PoC-codes for two vulnerabilities remote code execution in the utility rConfig. Their exploitation allows an unauthorized attacker to remotely compromise target servers and connected network devices.

Two critical vulnerabilities were discovered in rConfig (https://www.securitylab.ru/news/502274.php)

SecurityLab, [05.11.19 09:11]
A team of specialists from the Tokyo University of telecommunications (Japan) and the University of Michigan (USA) have developed a method that allows you to send digital assistants silent voice commands using a laser.
Amazon Echo can be fooled with silent laser commands (https://www.securitylab.ru/news/502277.php)

SecurityLab, [05.11.19 10:21]
Experts from the CERT coordination center at Carnegie Mellon University (USA) reported a problem related to the option „disable all macros without notification“ in Microsoft Office for Mac.
Disabling macros in Microsoft Office for Mac exposes users to the threat of attacks (https://www.securitylab.ru/news/502281.php)

SecurityLab, [05.11.19 10:31]
In Windows 10 (version 1903), an error has been detected that affects the installation process of the operating system. As Microsoft reports, a „Try again“ error notification appears after the installation is complete or after the device is reset.

After installing Windows 10 (version 1903), an error may occur (https://www.securitylab.ru/news/502282.php)

SecurityLab, [05.11.19 11:31]
At one of the special forums unknown put up for sale the data of about 3.5 thousand credit card holders of Alfa-Bank and about 3 thousand customers „Alfastrahovaniya“. The seller published the announcement on October 31 this year, according to RBC.
Data of customers of Alfa-Bank and „AlfaStrakhovanie“ was leaked (https://www.securitylab.ru/news/502286.php)

SecurityLab, [05.11.19 14:01]
Two major Spanish companies, notably radio network Cadena SER and IT firm Everis, were the victims of a targeted ransomware attack.
Two large Spanish companies attacked by ransomware (https://www.securitylab.ru/news/502294.php)

SecurityLab, [05.11.19 14:31]
In order to enhance security, GitLab is considering the possibility to refuse to hire citizens of Russia and China for the position of technical support staff.
GitLab will refuse to hire citizens of China and Russia (https://www.securitylab.ru/news/502295.php)

SecurityLab, [05.11.19 15:21]
The us division of the Nikkei company suffered from a major fraud, which resulted in the loss of about 3.2 billion Japanese yen (approximately $29 million). The funds were transferred by an employee of the company on the instructions of a fraudster acting under the guise of the head of an international firm.
Nikkei company lost $29 million due to fraud (https://www.securitylab.ru/news/502297.php)

SecurityLab, [05.11.19 15:31]
Cisco Talos researchers have discovered two serious vulnerabilities in Investintech’s Able2Extract Professional PDF tool that allow attackers to remotely execute code on a system using malicious graphics files.
Two critical vulnerabilities were discovered in Able2Extract Professional (https://www.securitylab.ru/news/502298.php)

SecurityLab, [06.11.19 08:22]
Mozilla plans to change the way it handles notifications in Mozilla Firefox to reduce the number of annoying pop-UPS.
Mozilla will reduce the number of pop-UPS in Firefox (https://www.securitylab.ru/news/502303.php)

SecurityLab, [06.11.19 08:22]
A new method of fraud that allows to „Rob“ Bank accounts of Amazon users is becoming increasingly popular among cybercriminals. Unbeknownst to the victim, the attackers connect a smart TV to her account that does not appear in normal settings and that even the Amazon tech support team cannot remove. Through this phantom device, cybercriminals make online purchases using the victim’s Bank card, even if she has changed her password and enabled two-factor authentication.Phantom TVs steal Amazon users ‚ money (https://www.securitylab.ru/news/502304.php)

SecurityLab, [06.11.19 08:52]
Following the meeting held last Friday, November 1, the Board of the Ministry of internal Affairs instructed to work out measures to reduce the number of crimes using information and telecommunication technologies.

Among other measures, the possibility of blocking the cellular signal in prisons in order to prevent the activities of fraudulent call centers located in them is being considered.

This „RBC“ said a source familiar with the instructions.

In prisons of the Russian Federation can block a signal of cellular communication (https://www.securitylab.ru/news/502309.php)

SecurityLab, [06.11.19 09:22]
The size of penalties considered by the state Duma for violation of requirements on storage in the Russian Federation of personal data of Russians can be reduced.

The maximum penalty of 18 million rubles for repeated violation may remain.

These amendments were made to the relevant bill, which is being prepared for the second reading.

Penalties for violations of data storage requirements in the Russian Federation may be reduced (https://www.securitylab.ru/news/502310.php)

SecurityLab, [06.11.19 10:02]
With the help of malicious software, a resident of Ussuriysk hacked the mailboxes of users of foreign trade Internet sites, including Amazon.

A resident of Ussuriysk robbed users of online stores (https://www.securitylab.ru/news/502314.php)

SecurityLab, [06.11.19 11:02]
On November 1 of this year, a package of amendments to the laws „on communications“ and „on information“ came into force, providing for the integrity, stability and security of the Runet in the event of external threats.

Now the Russian government has established a list of these threats, Interfax reports.

The government has identified a list of threats to Runet (https://www.securitylab.ru/news/502354.php)

SecurityLab, [06.11.19 11:32]
In 2017, cybercrime group the ShadowBrokers released an archive of malware and hacking tools stolen from the Equation Group, which cybersecurity experts associate with the us national security Agency.

This archive, among other things, contained a script that allowed to get on the trail of a certain APT group, called DarkUniverse.

Archive Shadow Brokers brought on the trail of a mysterious group DarkUniverse (https://www.securitylab.ru/news/502357.php)

SecurityLab, [06.11.19 14:22]
The github portal hosts a tool called Kamerka, designed to collect data about Internet-connected devices.

The tool displays their approximate location on the map.

With Kamerka, organizations can scan their networks for vulnerable hardware.

A tool for detecting vulnerable industrial equipment has been published (https://www.securitylab.ru/news/502359.php)

SecurityLab, [06.11.19 15:42]
Broadcom, which develops and delivers software solutions for semiconductors and infrastructures, announced the completion of its acquisition of Symantec’s Enterprise Security division.

Broadcom acquired Symantec Enterprise Security for $10.7 billion (https://www.securitylab.ru/news/502360.php)

SecurityLab, [06.11.19 16:12]

(auto translated)

admin