Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Malicious voice apps can turn Alexa and Google Home devices into spies, say researchers

Cybercriminals could potentially develop malicious voice apps that turn Amazon Alexa devices and Google Home smart speakers into spy equipment that eavesdrops on users and even phishes for passwords, according to a new report. The report, from Germany-based Security Research Labs (SRLabs), warns that security lapses in the way Google Home and Alexa devices (such…

Leaks reveal the spy tactics which leveraged Wi-Fi in a major airport to track travelers.

Leaky Autoclerk database exposes info on travelers, including military and gov’t personnel

A leak at Autoclerk, a reservations management system recently acquired by the Western Hotel & Resorts Group, exposed personal and travel information on hotel guests, including members of the U.S. government, military and Department of Homeland Security. “Our team viewed highly sensitive data exposing the personal details of government and military personnel, and their travel arrangements…

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…

Cisco fixes critical Aironet Access Points flaw, addresses 29 more bugs

Cisco today released 28 security advisories, in the process addressing a total of 30 vulnerabilities, including a critical unauthorized access bug found in the company’s Cisco Aironet Access Points (APs) software. Officially designated CVE-2019-15260, the flaw potentially can be exploited to view sensitive information, interfere with configuration options and disable the AP, in order to create…

VMware advisory warns users to patch critical issue in product

VMware patches critical bug in Harbor Container Registry for PCF

VMware yesterday issued a security advisory acknowledging a critical “broken access control” vulnerability found in VMware Cloud Foundation and Harbor Container Registry for Pivotal Cloud Foundry (PCF). According to the advisory, malicious actors with administrative access to a project could potentially exploit the flaw in order to “create a robot account inside of an adjacent…

Oracle addresses vulnerabilities with 154 security fixes

Oracle patches 218 security vulnerabilities

Oracle issued more than 200 security patches across a wide swath of its product line with Fusion Middleware, Java SE and MySQL receiving the majority of the fixes. Overall 218 fixes were issued in the October update. This is the fourth security update issued by Oracle in 2019 with the next scheduled for January 2020.…

WordPress patches 6 bugs

WordPress rolled out version 5.2.4 patching six vulnerabilities as a short-term fix prior to the release of version 5.3. WordPress version 5.2.3 and earlier are affected by these bugs. The problems covered included an issue where stored XSS could be added via the Customizer, a method of viewing unauthenticated posts, a way to create a…

Pentagon ‘Hack the Proxy’ program uncovers 31 vulnerabilities, one critical

Ethical hackers found 31 vulnerabilities – one rated critical while nine got a high severity rating – during the Pentagon’s Hack the Proxy program on the HackerOne platform. Although the Sept. 3-18 initiative was the eighth version of the bug bounty program, it was the first “focused on securing content intermediaries for publicly accessible proxy servers…

Report: Hacker steals Dutch prostitution forum data

Hookers.nl, a Dutch online forum for prostitutes, escorts and their clientele, has reportedly suffered a data breach that has exposed the details of 250,000 users, whose data is being offered for sale. Compromised information includes email addresses, usernames, IP addresses and passwords. Usernames are typically aliases but certain real names can likely be derived from…
