Threatpost

Making Sense of the Security Sensor Landscape Chris Calvert of Respond Software (now part of FireEye) outlines the challenges that reduce the efficacy of network security sensors. High-Severity Chrome Bugs Allow Browser Hacks Desktop versions of the browser received a total of eight fixes, half rated high-severity. Novel Online Shopping Malware Hides in Social-Media Buttons The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. VMware Rolls a Fix for Formerly Critical Zero-Day Bug VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to "important." Vancouver Metro Disrupted by Egregor Ransomware The attack, which prevented Translink users from using their metro cards or buying tickets at kiosks, is the second from the prolific threat group just this week. Kmart, Latest Victim of Egregor Ransomware – Report The struggling retailer's back-end services have been impacted, according to a report, just in time for the holidays. TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions A new "TrickBoot" module scans for vulnerable firmware and has the ability to read, write and erase it on devices. DeathStalker APT Spices Things Up with PowerPepper Malware A raft of obfuscation techniques turn the heat up for the hacking-for-hire operation. Reverse Engineering Tools: Evaluating the True Cost Breaking down the true cost of software tools in the context of reverse engineering and debugging may not be as clear-cut as it appears. Cyberattacks Target COVID-19 Vaccine ‘Cold-Chain’ Orgs Cybercriminals try to steal the credentials of top companies associated with the COVID-19 vaccine supply chain in an espionage effort.

Distributed by aarss.com.