Robert Abel SC Media | Page 2 of 169

Robert Abel

Content Coordinator/Reporter

Most recent articles by Robert Abel

NUUO NVRmini2 Network Video Recorder firmware vulnerability allows arbitrary code


A vulnerability in NUUO NVRmini2 Network Video Recorder firmware.​NVRmini2 firmware version 3.9.1 and prior could allow an unauthenticated remote attacker to execute arbitrary code on the system with root privileges. The product is vulnerable to an unauthenticated remote buffer overflow caused by the improper sanitizations of user-supplied inputs and a lack of length checks on data…

Huawei responds to allegations of NSA hacking

China cyberespionage efforts increase following Trump presidency after brief pause


China has accelerated its cyberespionage efforts after a hiatus that began in 2015 when then President Obama struck an agreement to end China’s practice of cyberespionage attacks against American firms, military contractors and government agencies to steal designs, technology and corporate secrets, usually on behalf of China’s state-owned firm. Officials debate the cause for the…

Microsoft’s Azure MFA down for second time in two weeks


Microsoft’s Azure Multi-Factor Authentication (MFA) service went down for the second time in just over a week. The problem occurred on Nov. 27 around 9:15 am Eastern when several Office 365 users began reporting on Twitter that they were unable to log into their service due to MFA issues. Microsoft’s Azure status dashboard was updated around…

ElasticSearch server exposed data of nearly 57M U.S. residents


An ElasticSearch server database containing the information of nearly 57 million U.S. residents was found to have been left exposed without a password. On November 20, 2018, Bob Diachenko, director of cyber risk research for Hacken, which also discovered the Kars4Kids leak, discovered the breach while conducting a security audit of publicly available servers with…

London-based Urban Massage app leaks data on 300K customers, including sexual misconduct claims


A data breach of London-based startup Urban Massage exposed the personal records of more than 309,000 users including data on clients accused of sexual misconduct. The service offers “wellness that comes to you” allowing users to book massage therapist to come them. The breach was the result of the company leaving its Google-hosted ElasticSearch database…

Smash Bros. Ultimate leaks, Nintendo struggles to contain breach


Nintendo is struggling to contain leaks surround the release of Smash Bros. Ultimate after reports of the game being sold early in Mexico and pirated copies being released online being trawled by data miners for hidden info. The controversy started Wednesday when someone posted an image of the game’s purported retail packaging. A few days…

Schneider’s Modicon Quantum programmable logic controller plagued with vulnerabilities in end life


Multiple vulnerabilities were discovered in Schneider’s Modicon Quantum programmable logic controller affecting all M340, Premium, Quantum PLCs and BMXNOR0200 products. Modicon Quantum products are used for complex process control, safety and infrastructure in industrial settings like manufacturing and were found to contain vulnerabilities that could allow an attacker to change any user’s password including the…

Researchers link XLoader and FakeSpy malware families to Yanbian Gang


Trend Micro researchers believe they have spotted a connection between the XLoader and FakeSpy malware families along with possible ties to the Yanbian Gang. Researchers suspect both malware types are either being operated by the same threat group or that their operators are affiliated with each other as each malware family uses similar code to…

Drake’s Fortnite account hacked, Travis Scott may also be affected


After taking home a Soul Train Award Toronto rapper Drake may be looking to change his Fortnite account password after someone hijacked his account to spew racial slurs during a charity livestream event. Livestreamer Tyler “Ninja” Blevins was streaming for The Ellen Fund, a wildlife conservation fund created by Ellen host Ellen DeGeneres, when he received an invite…

Trickbot’s latest trick? POS feature


Trickbot’s latest trick involves the addition of a point-of-sale (POS) malware making the already modular banking trojan more dangerous. The new modules scan for indicators if the infected devices is connected to a network that supports POS services and machines although researchers haven’t fully grasped the capabilities or intentions of the these actions, according to…

Next post in News