What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2020-04-20 13:24:31 | Expert Insight On Critical \'Starbleed\' Vulnerability Found In FPGA Chips (lien direct) | It has been reported that, in a joint research project, scientists from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and from Max Planck Institute for Security and Privacy have discovered a critical vulnerability is hidden in FPGAs’. Field Programmable Gate Arrays (FPGAs) are flexibly programmable computer chips that are considered to be … The ISBuzz Post: This Post Expert Insight On Critical ‘Starbleed’ Vulnerability Found In FPGA Chips | Vulnerability | ||
|
2020-04-16 13:48:21 | Expert Comment: TikTok Vulnerability Enables Hackers To Show Users Fake Videos (lien direct) | In response to a new report that reveals hackers are exploiting a security weakness in TikTok and planting fake videos in users' feeds that appear to come from official sources, an expert from KnowBe4 offers perspective. The ISBuzz Post: This Post Expert Comment: TikTok Vulnerability Enables Hackers To Show Users Fake Videos | Vulnerability | ★★ | |
|
2020-04-08 13:24:57 | The DarkHotel (APT-C-06) Attacked Chinese Institutions Abroad via Exploiting SangFor VPN Vulnerability (lien direct) | In a report published today (http://blogs.360.cn/post/APT_Darkhotel_attacks_during_coronavirus_pandemic.html), Qihoo 360 made it public that it detected an APT attack that delivers malicious files through hijacked security services of a domestic VPN provider. They have reported the vulnerability details to the service provider and received confirmation. Further reversing shows that the attack can be attributed to the Darkhotel … The ISBuzz Post: This Post The DarkHotel (APT-C-06) Attacked Chinese Institutions Abroad via Exploiting SangFor VPN Vulnerability | Vulnerability | ★★★ | |
|
2020-04-06 12:28:07 | (Déjà vu) Expert Response On DarkHotel Hackers Use VPN Zero-day To Breach Chinese Government Agencies (lien direct) | Foreign state-sponsored hackers have launched a massive hacking operation aimed at Chinese government agencies and their employees. Attacks began last month, in March, and are believed to be related to the current coronavirus (COVID-19) outbreak. Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide … The ISBuzz Post: This Post Expert Response On DarkHotel Hackers Use VPN Zero-day To Breach Chinese Government Agencies | Vulnerability | ||
|
2020-03-31 13:58:23 | (Déjà vu) Experts Insight On A Mysterious Hacker Group Is Eavesdropping On Corporate Email And FTP Traffic (lien direct) | Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. In a report published on the blog of its network security division Netlab, Qihoo said its researchers detected two different threat actors, each exploiting a different zero-day vulnerability in DrayTek Vigor … The ISBuzz Post: This Post Experts Insight On A Mysterious Hacker Group Is Eavesdropping On Corporate Email And FTP Traffic | Vulnerability Threat | ||
|
2020-03-30 12:49:38 | (Déjà vu) Researchers Find Bug Existing Since iOS 13.3.1 Which Interferes With VPNs Encrypting Traffic (lien direct) | It has been reported that there is currently an unpatched security vulnerability affecting iOS 13.3.1 or later which prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users’ data or leak their IP addresses. While connections made after connecting to a VPN on your … The ISBuzz Post: This Post Researchers Find Bug Existing Since iOS 13.3.1 Which Interferes With VPNs Encrypting Traffic | Vulnerability Guideline | ||
|
2020-03-24 11:59:51 | Expert Advise On Microsoft Says Hackers Are Attacking Windows Users With A New Unpatched Bug (lien direct) | It has been reported that Microsoft says attackers are exploiting a previously undisclosed security vulnerability found in all supported versions of Windows, including Windows 10 – the company said there is currently no patch for the vulnerability. The security flaw, which Microsoft deems “critical” is found in how Windows handles and renders fonts, according to the advisory posted Monday. … The ISBuzz Post: This Post Expert Advise On Microsoft Says Hackers Are Attacking Windows Users With A New Unpatched Bug | Vulnerability | ||
|
2020-03-16 10:49:27 | 100K Sites Affected By Vulnerabilities Patched In Popup Builder Plugin – Exper Insight (lien direct) | On March 4, researchers discovered several vulnerabilities in Popup Builder, a WordPress plugin installed on over 100,000 sites, including one that allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. The other vulnerability allowed any logged-in user, even those with minimal permissions such as a subscriber, … The ISBuzz Post: This Post 100K Sites Affected By Vulnerabilities Patched In Popup Builder Plugin – Exper Insight | Vulnerability | ||
|
2020-03-12 13:18:18 | UK And Netherlands Most At Risk In Europe When Mitigating Critical Vulnerabilities (lien direct) | New vulnerability research by Outpost24 has revealed interesting data trends in vulnerability management across different regions and sectors. When analysed, the number of high, medium and low-risk security vulnerabilities based on CVSS criticality shows the Netherlands had the largest percentage of high-risk critical vulnerabilities in Europe (50%), with the UK marginally behind in second (43%). The … The ISBuzz Post: This Post UK And Netherlands Most At Risk In Europe When Mitigating Critical Vulnerabilities | Vulnerability | ||
|
2020-03-11 12:43:52 | (Déjà vu) Expert Insight On Microsoft Leaks Info On Wormable Windows SMBv3 CVE-2020-0796 Flaw (lien direct) | It has been reported that Microsoft leaked info on a security update for a ‘wormable’ pre-auth remote code execution vulnerability found in the Server Message Block 3.0 (SMBv3) network communication protocol that reportedly should have been disclosed as part of this month’s Patch Tuesday. The vulnerability is due to an error when the SMBv3 handles maliciously crafted compressed … The ISBuzz Post: This Post Expert Insight On Microsoft Leaks Info On Wormable Windows SMBv3 CVE-2020-0796 Flaw | Vulnerability | ||
|
2020-03-04 10:22:33 | Scanning For Ghostcat – Expert Reaction (lien direct) | Mass scanning activity of Apache Tomcat servers that have not been patched from the Ghostcat vulnerability has been detected. The ISBuzz Post: This Post Scanning For Ghostcat – Expert Reaction | Vulnerability | ||
|
2020-03-02 11:07:01 | 9 Vulnerability Management Pitfalls To Avoid (lien direct) | Vulnerability management (VM) can seem unmanageable at times. But the key to successful VM is working smarter rather than harder. If you approach VM intelligently and prioritize appropriately, you can keep the number of resulting tasks from spiraling out of control. As with any on-going security practice, there are countless ways you can botch VM. … The ISBuzz Post: This Post 9 Vulnerability Management Pitfalls To Avoid | Vulnerability | ||
|
2020-02-25 10:33:48 | Hackers Believe Technology Industry Is Least Secure – CEO Comments (lien direct) | Today, HackerOne has revealed that hackers believe that the technology industry is the least secure, despite it being seemingly full of digital natives. This revelation and more is unveiled for the company's annual Hacker Report, which is a benchmark study of the bug bounty and vulnerability disclosure ecosystem from the perspective of ethical hackers. See below … The ISBuzz Post: This Post Hackers Believe Technology Industry Is Least Secure – CEO Comments | Vulnerability | ||
|
2020-02-19 14:35:35 | (Déjà vu) Expert Analysis Of Serious Vulnerability Discovered In Profinet Industrial Communication Protocol (lien direct) | A serious vulnerability was recently found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service (DoS) attacks. The high-severity vulnerability was discovered last year by researchers at OTORIO, who found that an attacker could easily cause devices to enter a DoS condition - in some cases requiring a hard … The ISBuzz Post: This Post Expert Analysis Of Serious Vulnerability Discovered In Profinet Industrial Communication Protocol | Vulnerability | ||
|
2020-02-17 12:36:19 | Siemens, Moxa Devices Exposed To DoS Attacks By Profinet Vulnerability – Experts Reaction (lien direct) | In response to reports that a serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks, cybersecurity experts offer perspective. The ISBuzz Post: This Post Siemens, Moxa Devices Exposed To DoS Attacks By Profinet Vulnerability – Experts Reaction | Vulnerability | ||
|
2020-02-13 14:28:23 | (Déjà vu) Microsoft\'s February 2020 Patch Tuesday Fixes 99 Security Bugs – Expert Insight (lien direct) | It has been reported that Microsoft has released its February 2020 Patch Tuesday security updates. This month’s updates include fixes for a whopping 99 vulnerabilities, making this Microsoft’s biggest Patch Tuesday known to date. The highlight of this month’s security train represents the fix for CVE-2020-0674, a zero-day vulnerability in Internet Explorer. The ISBuzz Post: This Post Microsoft’s February 2020 Patch Tuesday Fixes 99 Security Bugs – Expert Insight | Vulnerability | ||
|
2020-02-06 14:25:29 | Philips Smart Lights Vulnerability Allows Hopping To Devices On The Network – Experts Advise (lien direct) | Security researchers taking a closer look at the Philips Hue smart bulbs and the bridge device that connects them discovered a vulnerability that helped them compromise more meaningful systems on the local network. Tracked as CVE-2020-6007, the bug has a severity score of 7.9 out of 10. It is a heap buffer overflow that can … The ISBuzz Post: This Post Philips Smart Lights Vulnerability Allows Hopping To Devices On The Network – Experts Advise | Vulnerability | ||
|
2020-02-06 12:15:16 | Experts Reaction On Researcher Finds Vulnerability In WhatsApp Desktop Platform (lien direct) | According to a blog post by PerimeterX, its cybersecurity researcher and JavaScript expert Gal Weizman found a find a gap in the Content Security Policy (CSP) used by WhatsApp, enabling bypasses and cross site scripting (XSS) on the desktop app. The ISBuzz Post: This Post Experts Reaction On Researcher Finds Vulnerability In WhatsApp Desktop Platform | Vulnerability | ||
|
2020-01-29 12:11:57 | LabCorp Exposes Thousands Of Medical Documents – Commentary (lien direct) | A vulnerability in LabCorp's website that hosts the company's internal customer relationship management system, exposed thousands (at least 10,000) of medical documents that contained names, dates of birth, Social Security numbers of patients, lab test results and diagnostic data. While the system was password-protected, the part of the website that pulls patient files from the … The ISBuzz Post: This Post LabCorp Exposes Thousands Of Medical Documents – Commentary | Vulnerability | ||
|
2020-01-24 15:40:09 | NETGEAR TLS Certs Exposure – Expert Source (lien direct) | NETGEAR recently issued a security advisory about a Transport Layer Security (TLS) certificate private key disclosure vulnerability on several of its routers. And this is apparently not the first time the company left TLS certificates and private keys exposed in their wireless router firmware. The certificates and their private keys were embedded into the software, which was … The ISBuzz Post: This Post NETGEAR TLS Certs Exposure – Expert Source | Vulnerability | ||
|
2020-01-22 12:21:52 | Microsoft Warns Attackers Are Exploiting Zero Day In Internet Explorer Scripting Engine (lien direct) | As reported by SC Magazine, hackers are actively exploiting a zero day vulnerability in Internet Explorer, prompting a warning from the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). “Microsoft is aware of limited targeted attacks” in a remote code execution (RCE) vulnerability CVE-2020-0674 in the scripting engine of Internet Explorer across all … The ISBuzz Post: This Post Microsoft Warns Attackers Are Exploiting Zero Day In Internet Explorer Scripting Engine | Vulnerability | ||
|
2020-01-17 20:04:11 | (Déjà vu) Expert On Not-for-profit Open Bug Bounty\'s Record Growth In 2019 (lien direct) | An alternative to costly commercial bug bounties, there is record growth in Open Bug Bounty program. We contacted the security expert to provide his comments on the growth of this open bug bounty program. From their site: “With almost half-a-million vulnerability reports today, we are happy to present you a brief recap of our relentless … The ISBuzz Post: This Post Expert On Not-for-profit Open Bug Bounty's Record Growth In 2019 | Vulnerability | ||
|
2020-01-15 11:41:48 | Major Flaw In Windows 10 Discovered By The NSA – Experts Reactions (lien direct) | Microsoft has released a software update to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organisations have been … The ISBuzz Post: This Post Major Flaw In Windows 10 Discovered By The NSA – Experts Reactions | Vulnerability | ||
|
2020-01-09 14:28:50 | Experts Response On TikTok Vulnerability To Let Hackers Access Users\' Videos (lien direct) | It has been reported that multiple vulnerabilities have been found within video sharing app TikTok. Security researchers found that it was possible to spoof text messages to make them appear to come from TikTok. Once a user clicked the fake link, a hacker would have been able to access parts of their TikTok account, including uploading and deleting videos … The ISBuzz Post: This Post Experts Response On TikTok Vulnerability To Let Hackers Access Users' Videos | Vulnerability | ||
|
2019-12-17 15:12:56 | Experts On Research: One In Every 172 Active RSA Certificates Are Vulnerable To Attack (lien direct) | A vulnerability has been discovered in RSA certificates that could compromise one in every 172 certificates currently in active use. On Saturday at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in Los Angeles, Calfornia, a team of researchers from Keyfactor presented their findings into the security posture of digital certificates, … The ISBuzz Post: This Post Experts On Research: One In Every 172 Active RSA Certificates Are Vulnerable To Attack | Vulnerability | ||
|
2019-12-17 12:15:45 | Qualys Partners With Google To Natively Embed The Qualys Cloud Agent Into The Google Cloud Platform (lien direct) | One-click integration automatically installs the Qualys Cloud Agent and reports vulnerabilities directly into the Google Security Command Center Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced it has partnered with Google Cloud to provide its customers with one-click vulnerability assessment via seamless integration of the Qualys … The ISBuzz Post: This Post Qualys Partners With Google To Natively Embed The Qualys Cloud Agent Into The Google Cloud Platform | Vulnerability Guideline | ||
|
2019-12-05 14:53:58 | Atlassian Zero-day Vulnerability Exposed (lien direct) | Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability flaw affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service. This vulnerability would allow anyone with sufficient technical knowledge to conduct a man-in-the-middle attack, redirecting … The ISBuzz Post: This Post Atlassian Zero-day Vulnerability Exposed | Vulnerability | ★★★★★ | |
|
2019-12-05 14:29:11 | Comments On HackerOne Breach Lets Outside Hacker Read Customers\' Private Bug Reports (lien direct) | HackerOne, a leading vulnerability reporting platform that has paid hackers more than $23M on behalf of 100+ customers, has paid a $20,000 bounty out of its own pocket after accidentally giving an outside hacker the ability to read and modify some customer bug reports. The outsider was a HackerOne community member who had a proven track record … The ISBuzz Post: This Post Comments On HackerOne Breach Lets Outside Hacker Read Customers’ Private Bug Reports | Vulnerability Guideline | ||
|
2019-11-14 19:31:50 | Expert On Microsoft\'s November 2019 Patch Tuesday Fixes IE Zero-day, 74 Flaws (lien direct) | With the release of the November 2019 security updates, Microsoft has released 2 advisories and updates for 74 vulnerabilities. Of these vulnerabilities, 13 are classified as Critical. The November 2019 Patch Tuesday also fixes a critical remote code execution vulnerability in Internet Explorer that was being actively exploited in the wild. The ISBuzz Post: This Post Expert On Microsoft’s November 2019 Patch Tuesday Fixes IE Zero-day, 74 Flaws | Vulnerability | ||
|
2019-11-08 13:18:14 | Expert Advise Or IoT In Wake Of Recent Ring Doorbells Expose (lien direct) | Security researchers have found a vulnerability in Amazon Ring Doorbells that exposed the passwords for the Wi-Fi networks to which they were connected. Bitdefender said the Amazon-owned doorbell was sending owners' Wi-Fi passwords in cleartext as the doorbell joins the local network, allowing nearby hackers to intercept the Wi-Fi password and gain access to the network to … The ISBuzz Post: This Post Expert Advise Or IoT In Wake Of Recent Ring Doorbells Expose | Vulnerability | ||
|
2019-11-04 13:21:58 | Expert On BlueKeep Exploitation Spotted In The Wild (lien direct) | On November 2, security researchers Kevin Beaumont (@GossiTheDog) and Marcus Hutchins (@MalwareTechBlog) confirmed the first in-the-wild exploitation of CVE-2019-0708, also known as BlueKeep. CVE-2019-0708, a critical remote code execution vulnerability in Microsoft's Remote Desktop Services, was patched back in May 2019. This weekend, Beaumont observed blue screens of death (BSODs) for his BlueKeep honeypots on November 2. Beaumont … The ISBuzz Post: This Post Expert On BlueKeep Exploitation Spotted In The Wild | Vulnerability | ||
|
2019-10-31 16:24:19 | Experts Reactions Facebook Portal Vulnerability (lien direct) | It has been reported that developer and digital explorer Jane Manchun Wong has discovered an unnerving “feature” in Facebook's giant's smart display. Wong has successfully added another user's photo album to her own Portal's Superframe. The problem is Facebook states that a person can only add photo albums to Portal's screensaver that are part of their Facebook account. Wong reported … The ISBuzz Post: This Post Experts Reactions Facebook Portal Vulnerability | Vulnerability | ||
|
2019-10-17 16:05:51 | (Déjà vu) Experts Comments On Millions Of Amazon Echo And Kindle Devices Affected By Wi-Fi Bug (lien direct) | It has been reported that millions of Amazon Echo 1st generation and Amazon Kindle 8th generation are susceptible to an old WiFi vulnerability called KRACK that allows an attacker to perform a man in the middle attack against a WPA2 protected network. Using this attack, bad actors can decrypt packets sent by clients in order to steal sensitive information … The ISBuzz Post: This Post Experts Comments On Millions Of Amazon Echo And Kindle Devices Affected By Wi-Fi Bug | Vulnerability | ||
|
2019-10-11 11:16:33 | Dutch Website Hack Reveals Data Of 250000 Sex Workers\' Clients (lien direct) | The account details of the 250 thousand users of Dutch website Hookers.nl have leaked out after a vulnerability on the website was exploited. A hacker captured the members’ data and is offering it for sale, NOS reports based on its own research after an anonymous tip. The website is popular among clients of sex workers, … The ISBuzz Post: This Post Dutch Website Hack Reveals Data Of 250000 Sex Workers’ Clients | Hack Vulnerability | ||
|
2019-10-08 18:04:45 | Experts Comment: Attackers Exploit 0-Day Vulnerability That Gives Full Control Of Android Phones (lien direct) | Google has found a vulnerability that resides in the Android operating system’s kernel code and can be used to help an attacker gain root access to the device. Ironically, the vulnerability was patched in December 2017 in Android kernel versions 3.18, 4.14, 4.4, and 4.9, but newer versions were found to be vulnerable, ZDNet reported. The ISBuzz Post: This Post Experts Comment: Attackers Exploit 0-Day Vulnerability That Gives Full Control Of Android Phones | Vulnerability | ||
|
2019-10-07 11:21:33 | Experts On Attackers Exploit Zero-Day Vulnerability That Gives Full Control Of Android Phones (lien direct) | It has been reported that attackers are exploiting a zero-day vulnerability in Google's Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google's Project Zero research group said on Thursday night. There's evidence the vulnerability is being actively exploited, either by … The ISBuzz Post: This Post Experts On Attackers Exploit Zero-Day Vulnerability That Gives Full Control Of Android Phones | Vulnerability | ||
|
2019-10-04 13:49:20 | Commentz: New WhatsApp Malicious GIF Image Flaw (lien direct) | It has been reported that a new bug has been disclosed; one that allows an attacker to use a malicious GIF image file to open a vulnerability in WhatsApp and potentially access user content. The bug was identified and shared by “technologist and information security enthusiast” Awakened on Github, with a detailed explanation of how it works. Essentially, the bug relies … The ISBuzz Post: This Post Commentz: New WhatsApp Malicious GIF Image Flaw | Vulnerability | ||
|
2019-10-03 14:27:29 | Expert Comments: A Flaw In Webex And Zoom Let Researchers Snoop On Users\' Video Calls (lien direct) | It has been reported that a team of security researchers found they could tap into Webex and Zoom video meetings because many weren't protected with a code. Researchers programmed a bot to cycle through lists of valid meeting IDs and get access to active conference calls. The vulnerability works because many companies and users don't protect their meetings … The ISBuzz Post: This Post Expert Comments: A Flaw In Webex And Zoom Let Researchers Snoop On Users' Video Calls | Vulnerability | ||
|
2019-10-01 11:59:54 | Experts Dots On U.S. Steps Up Scrutiny Of Airplane Cybersecurity (lien direct) | It has been reported that concerns that planes could be targeted in cyberattacks are prompting U.S. officials to re-energize efforts to identify airliners' vulnerability to hacking. The revived program, led by the Department of Homeland Security and involving the Pentagon and Transportation Department, aims to identify cybersecurity risks in aviation and improve U.S. cyber resilience in a … The ISBuzz Post: This Post Experts Dots On U.S. Steps Up Scrutiny Of Airplane Cybersecurity | Vulnerability | ★★ | |
|
2019-09-30 14:25:45 | \'Hundreds Of Millions\' Of iPhones Vulnerable To New \'Unfixable\' Hack (lien direct) | It has been reported that a new vulnerability in Apple's iOS operating system is sitting on hundreds of millions of iPhones, iPads and iPods, according to the researcher who found it. The hack has been dubbed checkm8 by a researcher who goes by the name axi0mX, who described the hack as “a permanent unpatchable bootrom exploit for hundreds … The ISBuzz Post: This Post 'Hundreds Of Millions' Of iPhones Vulnerable To New 'Unfixable' Hack | Hack Vulnerability | ||
|
2019-09-26 14:28:16 | Hackers Exploit Unpatched Bug In Rich Reviews WordPress Plugin – PerimeterX Comments (lien direct) | Hackers are currently exploiting an unpatched vulnerability in the Rich Reviews WordPress plugin for malvertising campaigns. Although the plugin was removed for security reasons from the WordPress repository more than six months ago, it is estimated that 16,000 websites still have it running. The two issues allowing the attack are a lack of access controls … The ISBuzz Post: This Post Hackers Exploit Unpatched Bug In Rich Reviews WordPress Plugin – PerimeterX Comments | Vulnerability | ||
|
2019-09-25 14:18:33 | (Déjà vu) Experts On Microsoft Released Emergency Patch For Internet Explorer (lien direct) | Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug. In case you are covering the story, I thought you might be interested in a comment from Jake Moore, Cybersecurity Specialist … The ISBuzz Post: This Post Experts On Microsoft Released Emergency Patch For Internet Explorer | Vulnerability | ||
|
2019-09-24 11:31:50 | Microsoft Releases Out-of-band Security Update To Fix IE Zero-day & Defender Bug (lien direct) | It has been reported that Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug. The ISBuzz Post: This Post Microsoft Releases Out-of-band Security Update To Fix IE Zero-day & Defender Bug | Vulnerability | ★★ | |
|
2019-09-13 13:31:53 | Instagram Confirmed Security Vulnerability – Commentary (lien direct) | Instagram's parent company Facebook has confirmed that a newly discovered security vulnerability may have put data at risk, leaving users open to attack by threat actors. A security researcher ran tests on the platform and he successfully retrieved “secure” user data. This data included users' real names, Instagram account numbers and handles, and full phone numbers. The … The ISBuzz Post: This Post Instagram Confirmed Security Vulnerability – Commentary | Vulnerability Threat | ★★★ | |
|
2019-09-12 13:27:01 | Uber Account Takeover Vulnerability Discovered (lien direct) | According to this link, https://www.forbes.com/sites/daveywinder/2019/09/12/uber-confirms-account-takeover-vulnerability-found-by-forbes-30-under-30-honoree/#16085ecf9b87, a security vulnerability has been discovered that could allow attackers to compromise and control any Uber account. The vulnerability could be exploited to track a user's location and take rides from their account via an application programming interface (API) request This involved first acquiring the user universally unique identifier (UUID) of … The ISBuzz Post: This Post Uber Account Takeover Vulnerability Discovered | Vulnerability | Uber | |
|
2019-09-11 13:58:00 | Vancouver Coastal Health And Patients\' Data Vulnerability (lien direct) | A nonprofit privacy advocacy group called Open Privacy Research Society discovered that the sensitive medical information of patients being admitted to certain hospitals across the Greater Vancouver Area is being broadcast, unencrypted, by hospital paging systems, and that these broadcasts are easily interceptable. The society discovered the vulnerability and notified Vancouver Coastal Health (VCH) immediately … The ISBuzz Post: This Post Vancouver Coastal Health And Patients’ Data Vulnerability | Vulnerability | ||
|
2019-08-30 17:32:04 | Cisco IOS XE Routers Exposed To Rare 10/10-Severity Security Flaw (lien direct) | It has been reported that Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to … The ISBuzz Post: This Post Cisco IOS XE Routers Exposed To Rare 10/10-Severity Security Flaw | Vulnerability | ||
|
2019-08-29 15:29:00 | (Déjà vu) Check Point Software Patches Privilege Escalation Vulnerability (lien direct) | Check Point Software patched a vulnerability discovered in its Endpoint Security Initial Client software for Windows allowing potential attackers to escalate privileges and execute code using SYSTEM privileges. The privilege escalation security flaw tracked as CVE-2019-8461 makes it possible for attackers to run malicious payloads using system-level privileges as well as evade anti-malware detection by bypassing application whitelisting, … The ISBuzz Post: This Post Check Point Software Patches Privilege Escalation Vulnerability | Vulnerability | ||
|
2019-08-28 12:46:01 | 5 Software Vendors Accounting For Almost 25% Of Vulnerabilities In 2019 (lien direct) | 5 software vendors accounted for 24.1% of all the vulnerabilities in 2019 according to the RiskSense Vulnerability Weaponization Spotlight Report. The ISBuzz Post: This Post 5 Software Vendors Accounting For Almost 25% Of Vulnerabilities In 2019 | Vulnerability | ||
|
2019-08-21 14:34:03 | Apple\'s iOS 12.4 Update Leaves iPhones Open To Jailbreaking (lien direct) | It has been reported that iPhone hackers have discovered Apple’s most recent iOS update, 12.4, released in July, accidentally reopened a code-execution vulnerability that was previously patched – a vulnerability that can be abused to jail-break iThings. A security researcher going by the name of Pwn20wnd released a public jailbreak that exploits the reintroduced bug, and marks one of the first free … The ISBuzz Post: This Post Apple’s iOS 12.4 Update Leaves iPhones Open To Jailbreaking | Vulnerability |
To see everything:
Our RSS (filtrered)
