Security News












        200,000 Sign Petition Against Equifax Data Breach Settlement. Over 200,000 people have signed a petition
        demanding that the Federal Trade Commission (FTC) holds Equifax properly accountable for the data breach
        that impacted 148 million Americans in 2017. The incident was one of the largest, impacting private
        information such as Social Security numbers, birth dates, addresses, driver's license numbers and credit card
        numbers, and was the result of Equifax not properly implementing necessary security protections, although it
        was aware of weaknesses in its systems. In July 2019, Equifax settled with the authorities to pay at least $575
        million to impacted consumers and to government organizations, which would supposedly translate to eligible
        individuals receiving $125 in cash. Free credit monitoring options were also offered to the impacted
        consumers. A week later, the FTC warned that those users who would opt for cash would not receive the
        estimated $125, but a very small amount of that, due to the large number of claims filed. With nearly half of
        the United States’ adult population impacted, the result was not surprising..

                Source: https://www.securityweek.com/200000-sign-petition-against-equifax-data-breach-settlement



        Documents reveal how Russia taps phone companies for surveillance. In cities across Russia, large boxes in
        locked rooms are directly connected to the networks of some of the country’s largest phone and internet
        companies. These boxes, some the size of a washing machine, house equipment that gives the Russian
        security services access to the calls and messages of millions of citizens. This government surveillance system
        remains largely shrouded in secrecy, even though phone and web companies operating in Russia are forced by
        law to install these large devices on their networks. But documents seen by TechCrunch offer new insight into
        the scope and scale of the Russian surveillance system — known as SORM (Russian: COPM) — and how
        Russian authorities gain access to the calls, messages and data of customers of the country’s largest phone
        provider, Mobile TeleSystems (MTS) .

                Source: https://techcrunch.com/2019/09/18/russia-sorm-nokia-surveillance/



        AMD Radeon Driver Flaw Leads to VM Escape. A vulnerability in the AMD ATI Radeon ATIDXX64.DLL driver
        could be triggered from within a VMware guest to execute code on the host, Cisco Talos warns. This specific
        vulnerability exists on the AMD Radeon RX 550 and the 550 series video cards. What’s more, the issue can
        only be triggered when running VMWare Workstation 15, Talos’ security researchers have discovered. The
        security bug was found in the ATIDXX64.DLL driver versions 25.20.15031.5004 and 25.20.15031.9002, and only
        exists on VMWare Workstation 15 running as guest on a Windows 10 x64 machine. The security researchers
        explain that an out-of-bounds memory write could be triggered via a specially crafted pixel shader inside the
        VMware guest OS, to the AMD ATIDXX64.DLL driver. The attacker could trigger the flaw from a VMware guest
        usermode to potentially execute code on the associated VMware host. An attacker could theoretically trigger
        the issue through WEBGL (remote website) as well.

                Source: https://www.securityweek.com/amd-radeon-driver-flaw-leads-vm-escape








                                                    www.accumepartners.com
                                                                                                                     5