Used Data Storage Devices Have Security Flaws

According to researchers at Radboud University in the Netherlands, data storage devices with self-encrypting drives don’t provide the expected level of data protection. They say a malicious expert with direct access to widely sold storage devices can bypass existing protection mechanisms without knowing the user-chosen password and access the data. As reported in newelectronics.co.uk these flaws existed […]

Cathay Pacific Breach Exposes Gap in Hong Kong Laws: Experts

Experts point out that the recent data breach that had impacted Cathay Pacific exposes a gap in Hong Kong laws. The Hong Kong-based international airline had, on October 24, 2018, acknowledged a data breach that had impacted its computer system at least seven months before. A Cathay Pacific press release had stated, “Cathay Pacific announced […]

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems […]

Flawfinder v2.0.7 – Searches through C/C++ source code looking for potential security flaws

To run flawfinder, simply give flawfinder a list of directories or files. For each directory given, all files that have C/C++ filename extensions in that directory (and its subdirectories, recursively) will be examined. Thus, for most projects, simply give flawfinder the name of the source code’s topmost directory (use "." for the current directory), and […]

sandcastle: AWS S3 bucket enumeration

A Python script for AWS S3 bucket enumeration. Inspired by a conversation with Instacart’s @nickelser on HackerOne, I’ve optimized and published Sandcastle – a Python script for AWS S3 bucket enumeration, formerly known as bucketCrawler. The script takes a target’s name as the stem argument (e.g. shopify) and iterates through a file of bucket name permutations, such as […]

Estonia sues Gemalto for €152M for the flaws in the identification cards issued by the company

The lawsuit is due to the flaws in the identification cards issued by the company. The Estonian authorities have taken legal action against the security company Gemalto, filing a lawsuit for €152M after security failures in citizen identification cards issued by the company were discovered, as reported by specialists in ethical hacking from the International Institute of Cyber Security. These defective cards will be removed later. “The Estonian police are trying to recover €152M (about $178M […]

Pakistani hacker reports address bar spoofing flaws in Edge & Safari browser

Rafay Baloch has reported a vulnerability in the Edge and Safari browsers that allows address bar exploitation. Phishing attacks have become increasingly sophisticated and difficult to detect, so it is indeed appreciable that security researchers are managing to spot such campaigns in their initial phases. Reportedly, a security researcher from Pakistan, Rafay Baloch, has discovered […]

Google Faces Lawsuit, Accused Of Tracking Locations

A lawsuit has been filed against tech giant Google, accusing Google of tracking locations even when the “Location History” setting is turned off. It was just ten days ago that AP News revealed, following an investigation that it had done, that Google was tracking iPhone and Android device users even when they turned the related […]

25 Smartphone Models Found Shipping With Severe Firmware Flaws: Defcon 2018

This year’s Defcon witnessed many interesting events, including the hacking of voting machines by 11-year-olds and macOS’s vulnerabilities to grant permissions to malware with the help of invisible clicks. In another interesting event at Defcon 2018, security researchers from US mobile and IoT security firm Kryptowire have unearthed the fact that the default apps of […]

New WhatsApp flaws let attackers hack chats to spread fake news

Spreading fake news through WhatsApp was never so easy before. According to the latest research from Check Point security firm, WhatsApp users are at the risk of getting their private chats and group conversations hacked and exploited. Researchers discovered a new wave of attacks that allow cybercriminals to penetrate your messages on WhatsApp. This penetration […]

Multiple flaws found in Samsung SmartThings Hub

Enterprise network security researchers found dozens of flaws that could expose smart home devices to attacks. Enterprise network security experts discovered 20 vulnerabilities present in the firmware of Samsung’s SmartThings Hub controller that would potentially expose any compatible smart home device to cyber attacks. These vulnerabilities could allow a hacker to execute Operating System commands […]

Scout2 – Security Auditing Tool For AWS Environments

Scout2 is a security tool that lets AWS administrators assess their environment’s security posture. Using the AWS API, Scout2 gathers configuration data for manual inspection and highlights high-risk areas automatically. Rather than poring through dozens of pages on the web, Scout2 supplies a clear view of the attack surface automatically. Note: Scout2 is stable and […]

Researchers find critical security flaws in popular car models

Modern-day vehicles have become overly digitized for the sake of offering advanced technicality to drivers. However, being digital cannot ensure optimal security and the same has been the case with smart cars. Security researchers Daan Keuper and Thijs Alkemade from Computest claim that some of the car models manufactured by Audi and Volkswagen contain a […]

Intel removes remote keyboard app for Android rather than fixing its flaws

Critical flaws in Intel’s Remote Keyboard app for Android lead to its discontinuation. As is the norm with security researchers, when bugs are discovered in any software, especially critical ones, the software vendor issues an apology and releases a security update after fixing the flaw. People update the software and carry on with using it. […]

AMD Processors Flaws: Firmware Patches Coming Soon, Won’t Affect Performance

Last week, the Israel-based security company CTS Labs was trending in the news for disclosing 13 critical vulnerabilities in AMD’s Ryzen and Epyc processors–only to be slammed by Linus Torvalds and many other people. Now, AMD has come up with a response on the matter. According to a blog post published on Tuesday, the security […]

Microsoft bug bounty program: $250k for reporting Meltdown & Spectre type flaws

The bug bounty program will remain open until December 31st, 2018. Recently, the identification of serious CPU flaws called Spectre and Meltdown shook the tech community. Although the gravity of damage has been controlled considerably, still there is room for mitigation. Perhaps that’s the reason why Microsoft has decided to roll out a new bug bounty […]

Hackers can Send Fake Emergency Alerts by Exploiting 4G LTE Protocol Flaws

Researchers at Purdue University and the University of Iowa, USA, have managed to break the key 4G LTE protocols to generate fraudulent messages, spy upon users and modify user location data. Researchers Syed Rafiul Hussain, Shagufta Mehnaz and Elisa Bertino from Purdue University and Omar Chowdhury from the University of Iowa collaborated to […]

LTE security flaws could be used for spying, spreading chaos

A flight of new research papers show 4G LTE networks can be exploited for all sorts of badness. There have been lots of reasons to be concerned about how easily someone with the right tools and knowledge could do very bad things with cellular communications networks. And while none of them have necessarily been to […]

AWS Bucket Exposes 50.4 GB of Financial Giant’s Data

Another AWS Bucket exposed to the public. This time the AWS Bucket belonged to Birst. A cyber security team have discovered a massive trove of data exposed due to an unprotected Amazon Web Services (AWS) S3 bucket. The database belonged to Birst, a Cloud Business Intelligence (BI) and Analytics firm. The exposed database contained 50.4 […]