US Fertility, the largest network of fertility centers in the U.S., says that some of its systems were encrypted in a ransomware attack that affected the company two months ago, in September 2020.
Tamagotchi hacker, Natalie Silvanovich, who works as a Security Engineer on Prjoect Zero at Google recently received a bounty of $60,000 for identifying a bug in Facebook Messenger which allows a call to connected much before the callee has answered the call. The bug seems to exist on the Android Facebook messenger app only.
The advisory states that an attacker could exploit this vulnerability by sending a crafted request to this affected device and that a successfully exploited device would allow access to the attacker to download arbitrary files.
The vulnerability resides in two misconfigured registry keys for the RPC Endpoint Mapper and DNSCache services that are part of all Windows installations.
The shell script is responsible for deleting the file quarantine attribute for the files in the bundle and for removing the file quarantine attribute of files in the system, copying the Word document to a temp directory and opening it, extracting the second-stage binary and changing its access permissions, then deleting the malware app bundle and the Word document from the system.
A newly identified family of the information-stealing Discord malware called CursedGrabber is making rounds in open-source ecosystems. As a part of the CursedGrabber campaign, Sonatype has discovered more malware in the NPM registry, the recent one is named xpc.js, which was published to NPM registry around November 11.
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits for one of core’s dependencies and some configurations of Drupal are vulnerable.”
As of 2021, older Android-based phones may not be able to operate a range of secure websites, according to Let’s Encrypt, an open certification authority. This refers to versions of Android previous to Nougat 7.1.1.