News

IMSSA FOOD GmbH is a Swiss company specialized in fine foods.

Some of the most exciting food products for Consumer, Institutional and Industrial use are at your disposal from our company.

Our 25 years of food business experience, built through an extended international network and partnerships, allow us to offer Swiss chocolate products, Swiss muesli and breakfast cereal products, canned fruits, canned vegetables, canned fish, fruit concentrates, edible oils, coffee and more.

We provide those products in about 40 countries, having established permanent relationships with supermarket chains, importers and industries.

Treating exclusively every Client as privileged, we built excellent long term commercial and business partnerships, worldwide!

Microsoft Outlook not only offers an email service, but also provides other applications such as Calendar, Contact Manager, Tasks manager, Journal, note-taking tools, and other amazing tools. You can get more productivity out of this application by installing add-ins. Add-ins help you add functionality that Outlook does not offer by default. At present, RansomSaver is one of the best features of Outlook. It is an add-on application for Outlook which protects you from emails that carry ransomware attachments.
There is no doubt that email has become a reliable distribution channel for ransomware attacks. Compared with other distribution techniques, it has proven to be an effective way of propagating attacks in a short time. It is therefore a fundamental need for users to ensure their email safety.
Read more here: medium.com

Hackers can figure out a person’s password by simply listening to them type on a keyboard, according to a new study.
Using the microphone found on a smartphone, the new method is so effective that it can be carried out in a noisy public space where multiple people are typing, researchers at Southern Methodist University in Texas found.
They discovered the technique by analysing the different sound waves produced when a key on a keyboard is struck.
Read more here: INDEPENDENT

Today Microsoft released a set of fixes for Remote Desktop Services that include two critical Remote Code Execution (RCE) vulnerabilities, CVE-2019-1181 and CVE-2019-1182. Like the previously-fixed ‘BlueKeep’ vulnerability (CVE-2019-0708), these two vulnerabilities are also ‘wormable’, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.
The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions.
Windows XP, Windows Server 2003, and Windows Server 2008 are not affected, nor is the Remote Desktop Protocol (RDP) itself affected.

Kaspersky has uncovered a significant rise in the use of malware designed to harvest consumers’ digital data, known as password stealers. According to Kaspersky’s data, the number of consumers targeted by the stealers increased from less than 600,000 people in the first half of 2018 to over 940,000 during the same period in 2019.
Password-stealing ware (PSW) is a major weapon in a cybercriminal’s toolkit to sabotage consumers’ privacy. This malicious type of software grabs data directly from users’ web browsers using various methods. Often, this includes sensitive data such as access details for online accounts, saved passwords, autofill data and payment card details. Furthermore, some families of this type of malware are designed to steal browser cookies, user files from a specific location (such as a user’s desktop) or app files.
Read more here: securitymagazine.com

The National Security Agency (NSA) will establish a Cybersecurity Directorate that redefines its cybersecurity mission, according to the NSA website.
NSA’s Cybersecurity Directorate is a major organization that unifies NSA’s foreign intelligence and cyber defense missions and is charged with preventing and eradicating threats to National Security Systems and the Defense Industrial Base. Ms. Anne Neuberger, the Director of Cybersecurity, will be leading the Cybersecurity Directorate and reporting directly to General Nakasone. Her previous positions include but are not limited to NSA’s first Chief Risk Officer, Deputy Director of Operations, and Lead of NSA’s Russia Small Group.
General Paul M. Nakasone, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, says, “What I’m trying to get to in a space like cyberspace is speed, agility, and unity of effort.”

Windows 10 continues to be a danger zone. Not only have problems been piling up in recent weeks, Microsoft has also been worryingly deceptive about the operation of key services. And now the company has warned millions about another problem.
Spotted by the always excellent Windows Latest, Microsoft has told tens of millions of Windows 10 users that the latest KB4501375 update may break the platform’s Remote Access Connection Manager (RASMAN). And this can have serious repercussions.
Read more here: forbes.com

The ad server for a very popular video converter site was hacked to display malvertising that loads the GreenFlash Sundown exploit kit. This exploit kit would then drop the SEON Ransomware, Pony information stealing Trojan, and miners on a vulnerable computer.
Most web sites that utilize advertising will partner with an ad network that handles the ad serving. Some publishers, though, will utilize their own ad server and use it to display advertisements on their site.
In a new report, Malwarebytes explains that the threat actors behind the GreenFlash Sundown exploit kit are known to compromise a publisher’s ad server so that it displays malvertising to visitors.
Read more here: bleepingcomputer.com

Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem open the door to takeover of admin desktops.

A Windows interface that allows system administrators to configure and monitor systems from an admin level has several vulnerabilities that would allow an attacker to install malicious payloads and even take over a target, privileged machine.

The bugs are grouped under one umbrella (CVE-2019-0948) and are found in the Microsoft Management Console (MMC), according to Check Point researchers Eran Vaknin and Alon Boxiner,

Read more here: threatpost.com

When Atlanta was hit by a devastating ransomware attack in March 2018, it knocked almost all of the city’s agencies offline, impacting everything from scheduling court cases to paying utility bills online and causing decades worth of official correspondence to disappear.
The incident was headline news, and the recovery cost to the city was estimated to be $17 million. (A Department of Justice probe into the cyberattack resulted in indictments of two Iranian hackers.) Security experts warned that Atlanta should be a wake-up call for how vulnerable local and state governments were to these types of attack — and how underprepared they are to combat them.
Read more here: news.vice.com

An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system.

SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half a dozen zero-day vulnerabilities in Windows OS without actually bothering to make Microsoft aware of the issues first.

Read more here: thehackernews.com

A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP).

Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions.

Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists when the Microsoft Windows Remote Desktop feature requires clients to authenticate with Network Level Authentication (NLA), a feature that Microsoft recently recommended as a workaround against the critical BlueKeep RDP vulnerability.

Read more here: thehackernews.com

Google Project Zero researcher unearths a bug in Microsoft’s Notepad Windows application.

A memory corruption bug in Microsoft’s Windows Notepad application can be used to open remote shell access – typically a first step for attackers infiltrating a system.

The bug was found by Tavis Ormandy, a bug hunter with Google’s Project Zero team. In a tweet he indicated that the bug was tied to a memory corruption flaw in Notepad, a basic text editor that has shipped on all versions of Windows since 1985.

Read more here: threatpost.com

With advanced tech, smartphones in the hands of every individual, and the occasional self-driving car on the street, one might think that we are living in some futuristic society. Unfortunately, many industries are still stuck with old systems. The recent ransomware attack on Baltimore’s city government highlights the fact that many institutions are facing increasingly higher risks for being reluctant to change.

The ransomware attack on Baltimore, Maryland’s city government computers specifically affected systems that were needed to complete property deals in the region. As a result, during one of the real estate industry’s busiest times of the year, all relevant transactions were put on hold. When it comes to system evolution, the situation is a cold reminder that Baltimore and many other counties in the U.S. somehow got left by the wayside.

Read more here: forbes.com

The US city of Baltimore has been partially paralyzed since 7 May, when a ransomware attack seized parts of the government’s computer systems.
As soon as the city discovered that it had been attacked, it informed the FBI and took its systems offline in an effort to keep the infection from spreading.
But not before the attack took down voicemail, email, a parking fines database, and a system used to pay water bills, property taxes and vehicle citations. Real estate transactions were also shut down.
It was lousy timing, given that this is one of the real estate industry’s busiest times of the year. The Baltimore Sun reported that hundreds of property sales could have been affected: A real estate agent with access to industry data told the newspaper that at least 1,500 sales were pending in Baltimore.
But a sliver of good news came on Monday, when Mayor Bernard Young’s office announced that the city had developed a manual workaround that would allow real estate transactions to resume during the outage.

Read more here: nakedsecurity.sophos.com

After a yearlong investigation, the Dutch Fiscal Information and Investigation Service (FIOD) shut down Bestmixer.io today, one of the largest cryptocurrency laundering platforms in the world, with the help of Europol and Luxembourg law enforcement authorities.

The investigation started back in June 2018 with the support of the security firm McAfee and it led to the seizure of the platform’s web domain and six of its servers in Luxembourg and the Netherlands.

According to Europol’s press release, “Bestmixer.io was one of the three largest mixing services for cryptocurrencies and offered services for mixing the cryptocurrencies bitcoins, bitcoin cash and litecoins.”

Read more here: bleepingcomputer.com

In a short announcement today, Stack Overflow informs that it was the target of an attack that resulted in hackers accessing its production systems.
The website is currently online and the few public details offered in a brief message say that an investigation revealed that “some level of production access was gained on May 11.” 

Read more here: bleepingcomputer.com

Security researchers have discovered serious vulnerabilities affecting dozens of Cisco devices.
The flaws allow hackers to deceive the part of the product hardware that checks whether software updates come from legitimate sources.
Experts believe this could put emails sent within an organisation at risk as they may use compromised routers.
Messages sent externally constitute less of a risk, however, as they tend to be encrypted.
The California-based firm said it is working on “software fixes” for all affected hardware.

Read more here: bbc.com

A massive cyber-attack using tools believed to have been stolen from the US National Security Agency (NSA) has struck organisations around the world.
Cyber-security firm Avast said it had seen 75,000 cases of the ransomware – known as WannaCry and variants of that name – around the world.
There are reports of infections in 99 countries, including Russia and China.
Among the worst hit was the National Health Service (NHS) in England and Scotland.
The BBC understands about 40 NHS organisations and some medical practices were hit, with operations and appointments cancelled.

Read more here: bbc.com

A hosting company took down a database operated by a spying app this week after it was found displaying thousands of intimate images and recordings online.

MobiiSpy, an Android app that can be used to track what people do on their phones, left over 95,000 images and 25,000 audio recordings on a publicly accessible database according to a report by Motherboard on 22 March.

Although the database didn’t include names or contact information, it did contain call records and photos that could be used to identify the phones’ owners.

According to researchers, the app’s developer had hardcoded the database URL directly into the app, which lets the operator read the target’s phone contacts and texts and even trigger remote recordings without the target’s knowledge.

Read more here: nakedsecurity.sophos.com
