A roundup of the top news stories in information security this week, including a slew of vulnerabilities addressed by Microsoft and Adobe, researchers' claims to have cracked the new iPhone X's Face ID, and more.



BROWSER SECURITY

Firefox to Offer Tracking Protection in Upcoming Update

The Firefox 57 update that will be released on November 14 will feature Tracking Protection, which protects users from having their browsing habits snooped on. Known as Quantum, the update “will ship with a list of sites which have been identified as engaging in cross-site tracking of users,” according to Firefox. Although it will debut on Firefox 57, it currently is not featured in the version 57 beta.


HACKING

Researchers Successfully Hack Boeing 757

A team of public and private security professionals successfully hacked a Boeing 757 airliner. An official with the Department of Homeland Security disclosed the “remote, non-cooperative penetration” event at a recent conference. Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology Directorate, said the hack was accomplished without having to touch the airplane’s systems physically.

 


PATCHES

Oracle Issues Emergency Patch for Critical Tuxedo Server Flaws

Oracle has pushed two emergency patches for vulnerabilities impacting its Tuxedo application server. The two flaws received severity ratings of 10 and 9.9, respectively. A total of five vulnerabilities were discovered, according to the company, but the two major flaws received high CVSS ratings. The application server software allows enterprise cloud customers to develop and manage applications.


VULNERABILITIES

Adobe Addresses More Than 50 Bugs in Reader and Acrobat

Adobe patched a slew of remote execution vulnerabilities in its Acrobat and Reader products this week. The company also addressed a handful of critical flaws in its Flash Player. A total of 56 bugs were patched in Acrobat and Reader, while five critical flaws were fixed in the Flash Player. According to Adobe, none of the patched vulnerabilities are under active attack.




MOBILE SECURITY

Researchers Claim They’ve Cracked iPhone X Face ID

Researchers with Vietnamese security firm Bkav have claimed to have cracked the iPhone X’s new Face ID authentication technology. A video released by the researchers shows them cracking the technology with a composite mask of 3-D-printed plastic, silicone, makeup, and simple paper cutouts, according to a report by Wired. The demo has yet to be confirmed publicly by other security researchers.

PATCH TUESDAY

Microsoft Issues Security Update Patching 53 Security Flaws

Microsoft’s November edition of Patch Tuesday featured fixes for a total of 53 security vulnerabilities. The flaws were found in the company’s Windows OS, Office, Internet Explorer, Microsoft Edge, ASP.NET Core, and ChakraCore browser engine products. The good news? No zero-day flaws were discovered this month.

 

ESPIONAGE

FBI and DHS Issue Alerts About Hidden Cobra Espionage Campaign

Two alerts issued jointly by the FBI and DHS detail the malicious cyber activity of North Korean state-sponsored hackers. Dubbed Hidden Cobra, the espionage campaign has been leveraging a North Korean remote administration tool (RAT) called FALLCHILL since 2016 to target the aerospace, telecommunications, and finance industries.


INFOSEC INSIDER

ReFirm Labs Lands $1.5 Million in Funding

A startup founded by two NSA veterans has received $1.5 million in seed money from DataTribe, an incubator that focuses on government research lab technology. ReFirm is focused on launching its Centrifuge Platform, which aims to automatically detect security flaws in connected devices such as consumer electronics.



VULNERABILITIES

Cisco Warns Customers of Flaw in Voice OS-Based Products

Users of Cisco Systems’ Voice Operating Systems software platform were vulnerable to attack after the company discovered a flaw in the widely used software. The company issued a security advisory to its customers this week, after spotting the flaw that could allow a remote hacker to gain unauthorized and elevated access to affected devices.
