Browsing tag

vulnerability

Linux users with limited privileges could execute any command

Various Linux distributions might be affected by this new vulnerability. Digital forensics experts from the International Institute of Cyber Security report that, thanks to a recently discovered vulnerability, a user account with limited privileges and a UID value greater than 2147483647 could run any systemctl command without authorization on most Linux operating systems. The […]

Another MongoDB database exposes personal data of 66M users

Another day, another data breach – This time, the IT security researchers at HackenProof have discovered a massive trove of personal data of over 66 million users exposed online due to an unprotected MongoDB database. In October and November 2018, HackenProof’s security researcher Bob Diachenko identified several unprotected MongoDB instances believed to be hosted by a […]

Critical Zoom vulnerability allows series of malicious actions

An attacker could spoof messages, hijack screen controls, or expel other conference attendees. A vulnerability in the Zoom videoconferencing application, considered critical, could allow a remote attacker to hijack screen controls and expel conference attendees, as reported by digital forensics specialists from the International Institute of Cyber Security. Researchers from a cybersecurity firm published a […]

Facebook will pay you $40k USD for reporting bug

The social network would pay up to $40k USD for reporting errors that allow a single account takeover. In the middle of an image crisis caused by criticism from users and regulatory authorities over its data protection policy, Facebook has announced the expansion of its bug bounty program for experts in ethical hacking and […]

60 million users’ data were exposed by the US Postal Service

The vulnerability persisted on the Postal Service website for almost a year. Cybersecurity and digital forensics specialists from the International Institute of Cyber Security reported that the United States Postal Service has corrected a security vulnerability (ranked as critical), due to which data of over 60 million users who are registered on the usps.com website were exposed. […]

Facebook’s New Dilemma, Silently Patched

Facebook has very recently and silently patched a vulnerability that enabled third-party sites to extract user information without first seeking the consent of individual users. The aggregate data extraction includes user “likes” and all its subcategories. It is unfortunate that 2018 is not a good year for Facebook, after that very damaging 30 million Facebook […]

Used Data Storage Devices Have Security Flaws

According to researchers at Radboud University in the Netherlands, data storage devices with self-encrypting drives don’t provide the expected level of data protection. They say a malicious expert with direct access to widely sold storage devices can bypass existing protection mechanisms without knowing the user-chosen password and access the data. As reported in newelectronics.co.uk these flaws existed […]

DJI Drone Vulnerability Due to DJI Forum’s Weakness, Patched by its Vendor

Just like personal computers, smartphones and tablets, new smart devices such as the highly viral remote quadcopters (AKA drones) are powered by an operating system. As part of the territory, these systems need to be regularly updated and patched to close vulnerabilities as issues become known. That is basically what happened with DJI drones, when they recently […]

The Responsible Disclosure of Software Vulnerabilities in a Nutshell

Computer security vulnerabilities are a threat that has spawned a booming industry. Between the heightened global focus on security and the proliferation of high-profile computer viruses and worms that have had major impacts worldwide, the time is right to be in the computer security business. When one thinks about who benefits from security problems, typically […]

The Importance of Application Security Approach in Today’s Computing

Application security testing was not a vital part of software development in the early days of computing. In those early days, the most important factor was that the developers meet the deadline, for the program to run as intended. The security issue was seen as an afterthought, an idea that the developer will patch the […]

Tesla Model S Stolen, Thieves Hack the Keyless Entry System

A Tesla Model S was stolen recently in Essex, England after a pair of thieves hacked the car’s high-tech keyless entry system. The whole incident, however, got recorded on the owner’s security cameras. The thieves had used a method called “relay attack”, exploiting a vulnerability in the car’s PKE (Passive Keyless Entry) system. PKE, unlike […]

What Do We Need to Know About the 2018 Global DNS Threat Report?

Just like the healthcare industry, the financial market players are also a profitable target of cybercriminal elements. Efficient IP has released the Global DNS Threat Report 2018, which covers the vulnerability of financial institutions to the threat of DNS-based cyber attacks. All computers on a network require configuration of DNS, last year […]

7 Useful Android Vulnerability Scanners

There is a huge difference between an Android antivirus and an Android app that offers vulnerability scans. The former has questionable effectiveness due to the way Google developed Android as a Linux-based system with a sandbox app system. APK files do not interact with other Android apps on a deep level, as each app is […]

The Highly Competitive Web Application Firewall Market

The Internet continues to be a rich environment for vulnerability scans against weak websites and web hosting facilities. Businesses with a web presence are the most attacked entities on the Internet, most especially the Small, Medium and Micro Enterprises. Startup companies and SMEs are the business establishments with the least funding for a credible cybersecurity […]

All WhatsApp Users Must Update: Zero Day Bug Found in WhatsApp

Google Project Zero’s Natalie Silvanovich has discovered a critical vulnerability in the Facebook-owned WhatsApp instant messaging app. In her Twitter feed last October 9, 2019, she broke the news to the public: This is a big deal. Just answering a call from an attacker could completely compromise WhatsApp. https://t.co/vjHuWt8JYa — Tavis Ormandy (@taviso) October 9, […]

TOP 10 PHP Vulnerability Scanners

In today’s world, automation is the name of the game. People expect a faster way to do the job, to meet deadlines and settle obligations. The same goes for the security industry, the system administrator profession, and web development jobs; automation lessens the time to finish the tasks. PHP, a well-known language in web development, is […]

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Mozilla Firefox released security updates that cover 2 critical vulnerabilities in Firefox 62.0.3 and Firefox ESR 60.2.2. One of the remote code execution vulnerabilities allows a remote attacker to get access to the system, and both vulnerabilities are categorized under a critical impact. Mozilla released Firefox 62.0.3 along with these 2 security patches and users can download the new version […]

Nasty Linux Kernel Vulnerability Discovered, Mandatory Kernel Update Required

The Linux Kernel from version 3.16 to 4.18.8 has an unfixed vulnerability, as disclosed by Google Project Zero. The vulnerability was first exposed by Jann Horn, a cybersecurity researcher under the Project Zero program. Now known as CVE-2018-17182, it is a cache invalidation bug that affects the Linux memory management module. Successful exploitation of the […]

No Takers for Zero-Day Vulnerabilities on the Dark Web

According to experts, vulnerability sales have been all but driven off the dark web, which now operates in the open. For years the secretive market for zero-day exploits thrived in the dark corners of the internet. A recent report on Fifth Domain reads “The cyber intelligence firm FireEye has only recorded three zero-day sellers on […]