Network Security | SC Media

Automakers pen 'privacy principles' for in-car technology

Misconfigured database exposes 198M records on prospective auto buyers

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity…

WordPress update fixes assortment of XSS flaws

The developers of WordPress last week issued a short-cycle maintenance release for its content management system software, introducing 29 fixes and improvements. The new version, 5.2.3, remedies six issues that can enable cross-site scripting (XSS) attacks. These include XSS flaws found in post previews, stored comments and shortcode previews, and another XSS vulnerability that results…

Vulnerability round-up: Mozilla, Cisco and Samba issue security updates

The Mozilla Foundation, Cisco Systems and the Samba development team yesterday all issued security updates for their respective products, fixing a multitude of software vulnerabilities. Mozilla released updates for Firefox 69, as well as Firefox Extended Support Release (ESR) versions 68.1 and 60.9, in the process patching 20 flaws among them. The only critical-severity bug…

Supermicro fixes BMC software flaws that expose servers to virtual USB attacks

High-tech manufacturer Supermicro this week issued an update for its baseboard management controller (BMC) software, after researchers found a series of vulnerabilities that remote attackers could exploit to mount USB devices on affected servers over any network connection, including the internet. The bugs affect Supermicro’s X9, X10, X11, H11 and H12 servers, and are found…

Half a million Teletext Holidays files unsecured

UK-based travel company Teletext Holidays left a trove of its customer data unsecured, exposing 530,000 files, including some 200,000 audio files of calls made by customers. The Amazon Web Services (AWS) server, left unsecured for three years, showed the names of the users, their email and home addresses, telephone numbers and dates of birth, reported…

Researcher details decades-old design flaws in Microsoft’s CTF protocol

Google Project Zero researcher Tavis Ormandy yesterday disclosed a series of 20-year-old flaws in Microsoft’s CTF protocol that could allow unauthorized parties to take over applications that use said protocol. According to Ormandy’s blog post and technical analysis, the flaw is specifically found in the msctf subsystem, which is a component of the Text Services…

Cisco issues multiple product updates, fixes critical flaws in small business switches

Cisco Systems issued a series of security updates on Aug. 6 and 7, in the process disclosing 26 vulnerabilities, including two critical ones found in its Small Business 220 Series Smart Switches. The two most serious bugs consist of a remote code execution flaw (CVE-2019-1913) and an authentication bypass vulnerability (CVE-2019-1912) in the aforementioned switches,…

‘Know thyself:’ To combat external APT threats, first look inward

To most effectively combat sophisticated and stealthy cyberattacks by advanced nation-state actors, today’s security operations center must first truly understand its own business, according to Monzy Merza, vice president of security research at Splunk. “They have to understand where the risks are, where the threats are based on the environment that they’re living. So…

Monzo updates apps after incorrectly storing banking customer PINs

The U.K.-based digital bank Monzo disclosed Sunday that it has fixed an error that caused certain customers’ PIN codes to be stored in a less secure area of its internal systems. In an Aug. 4 company blog post, the mobile-only banking services provider acknowledged that it mistakenly had recorded some customers’ PINs in encrypted log…

Over 200M devices affected by critical flaws found in real-time operating system

VxWorks, a real-time operating system (RTOS) that runs on more than 2 billion devices — many in industrial, health-care and enterprise environments — has been found to contain 11 vulnerabilities, six of which are critical flaws that enable remote code execution. Around 200 million devices are running the vulnerable versions of the RTOS, according to…