securityXspace: a blog about cyber-philosophy.

Dell’s SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Source: Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers

Mozilla on Thursday patched a second zero-day vulnerability in Firefox that has been exploited by malicious actors to deliver Mac malware to cryptocurrency exchanges. read more Source: Mozilla Patches Second Firefox Zero-Day Used in Cryptocurrency Attacks

The social media giant Facebook has announced plans to launch a digital currency in 2020. If you’re a member of their platform and think they know all there is to know about you, some experts say just wait. That’s because Facebook will also gain access to all of your financial information as well. Source: Experts…

Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers to apply the security update as soon as possible. Speed is of the essence as, according to KnownSec 404 researchers, the vulnerability is already being exploited in the wild. About…

If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Source: Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control Security Intelligence IBM X-Force discovered a zero-day remote code execution vulnerability in TP-Link Wi-Fi extenders that could enable an attacker to command a device with the … Source: Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control

Kaspersky Labs write: In February this year, a curious backdoor passed across our virtual desk. The analysis showed the malware to have a few quite unpleasant features. It can spread itself over a local network via an exploit, provide access to the attacked network, and install miners and other malicious software on victim computers. Read…

Facebook’s Libra pitches to be the future of money BBC News How the social network aims to overcome trust issues to make people use its cryptocurrency. Source: Facebook’s Libra pitches to be the future of money

“These tools totaled more than 30,000 successful decryptions and have saved victims roughly $US 50 MILLION in unpaid ransom,” also it cuts the ransomware operators monetization options. GandCrab a Look Back. The ransomware strain first spotted in January 2018; it is the most sophisticated and continuously changing ransomware. Source: End of GandCrab – New Free…

Homeland Security has tested a working BlueKeep remote code execution exploit TechCrunch Homeland Security’s cyber agency says it has tested a working exploit for the BlueKeep vulnerability, capable of achieving remote code execution on a … Source: Homeland Security has tested a working BlueKeep remote code execution exploit