Microsoft warns about Internet Explorer zero-day, but no patch yet

Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild — a so-called zero-day. The company’s security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks. At the time of writing, there is no patch for this issue…. Read more →

Visa’s plan against Magecart attacks: Devalue and disrupt

Payments processor Visa does not intend to stand idle and watch as the current epidemy of Magecart (web skimming) attacks continues to rage unchallenged. Beginning last summer, Visa begun throwing considerable resources at combating Magecart — a type of attack were cybercriminals hack into an online store to plant malware that collects payment card data as users enter personal details… Read more →

Visa’s plan against Magecart attacks: Devalue and disrupt

Payments processor Visa does not intend to stand idle and watch as the current epidemy of Magecart (web skimming) attacks continues to rage unchallenged. Beginning last summer, Visa begun throwing considerable resources at combating Magecart — a type of attack were cybercriminals hack into an online store to plant malware that collects payment card data as users enter personal details… Read more →

Singapore public sector called out for recurring IT lapses

Singapore’s public sector must plug weaknesses in IT controls and resolve recurring lapses, or these will adversely impact accountability over public funds and resources. Greater use of analytics also should be considered to identify unusual behaviour within public IT systems, according to the latest report by the Public Accounts Committee.  Responsible for assessing how public funds are used, the committee… Read more →

Microsoft to add new Chief Strategy and Digital Officers to its executive roster

Microsoft is beefing up the team reporting to Senior Leadership Team member Kurt Delbene starting next month. Delbene, who is Microsoft’s Executive Vice President of Corporate Strategy and Core Services Engineering and Operations (as well as the company’s CHief Digital Officer) is getting two new reports, both of whom are industry veterans. Bobby Yerramilli-Rao is joining the company as Chief… Read more →

Apple’s latest iOS update is truly getting on my nerves

It was working fine. Until it wasn’t. For many people, it’s a ritual. Apple tells you there’s an iOS update. You assume it’s important enough to be acted upon. You download the update and everything is so much better. Or, more likely, you don’t notice any difference at all, which is just dandy, because you’re trying to get on with… Read more →

Kubuntu Focus: A new top-of-the-line Linux laptop arrives

Why 2019 was the year of Linux and open-source software These five stories show why the future of technology belongs to Linux and open-source software. For years, there have been high-powered Linux laptops like Dell’s XPS 13 Developer Edition, System76’s Serval WS, and ZaReason’s UltraLap 6440 i5, but I’ve never seen anything quite as powerful out of the box as… Read more →

JhoneRAT exploits cloud services to attack Middle Eastern countries

Why did a sophisticated banking Trojan start to send nasty SMSs? The feature is certainly one way to advertise a malware infection on your smartphone. A new Trojan on the scene is selectively attacking targets in the Middle East by checking keyboard layouts and attempts to avoid blacklisting by abusing cloud services.  On Thursday, cybersecurity researchers from Cisco Talos said… Read more →

WordPress plugin vulnerability can be exploited for total website takeover

Critical bugs in WordPress plugins put over 300,000 websites at risk If you use these plugins you should update immediately as firewall protection will not work. A WordPress plugin has been found to contain “easily exploitable” security issues that can be exploited to completely take over vulnerable websites.  The plugin at the heart of the matter, WP Database Reset, is… Read more →

FBI seizes WeLeakInfo, a website that sold access breached data

US authorities have seized this week the domain of WeLeakInfo.com, an online service that for the past three years has been selling access to data hacked from other websites. The website provided access to people’s cleartext passwords, allowing hackers to purchase a subscription on the site and gain access to billions of user credentials. Due to this illegal practice, the… Read more →

Cornerstone acquires Clustree for its AI-powered skills engine

Cornerstone On Demand, which makes human capital management (HCM) software, on Thursday announced it is acquiring Clustree, a French technology company with an AI-powered skills engine and an extensive skills ontology. Cornerstone is paying $18.5 million in all cash, and the deal is expected to close this quarter.  Cornerstone plans to integrate Clustree’s skill engine and skill ontology into multiple… Read more →

FBI: Nation-state actors have breached two US municipalities

Image: ZDNet Nation-state hackers have breached the networks of two US municipalities last year, the FBI said in a security alert sent to private industry partners last week. The hacks took place after attackers used the CVE-2019-0604 vulnerability in Microsoft SharePoint servers to breach the two municiplities’ networks. The FBI says that once attackers got a foothold on these networks,… Read more →