Network Security | SC Media

Network Security

Twitter fixes API bug that shared data with wrong developers


Twitter on Friday disclosed that it fixed a bug in its Account Activity API (AAAPI) for app developers that may have mistakenly sent certain user data and content to the wrong developers who were not authorized to see this information. The AAAPI, which enables developers build tools that help customers communicate via Twitter, contained the…

Report: Microsoft misses disclosure deadline to patch RCE bug in JET


Trend Micro’s Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsoft’s JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window. Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within…


Apple issues updates for multiple operating systems, Safari browser


Apple yesterday released software updates for five of its offerings: Safari, ioS, watchOS, tvOS and Apple Support for iOS. The company fixed three vulnerabilities in Safari 12: a logic issue that could enable a malicious website to exfiltrate autofilled data (CVE-2018-4307), an error that prevents users from deleting their browsing history if their visits involved…

Amazon Logo

Report: Amazon employees under investigation for allegedly sharing internal data with merchants


Online mega-retailer Amazon reportedly has launched an investigation into employees who may have accepted bribes from independent merchants in exchange for sharing private corporate data. Citing sellers and brokers with knowledge of the practice, as well as people familiar with Amazon’s investigations, the Wall Street Journal reported yesterday that data being shared in violation of…

Survey: Nearly one-third of breached companies reported job losses after data breach


Nearly one-third of surveyed companies that experienced a data breach in the previous 12 months said the incident cost certain employees their jobs. Conducted by Kaspersky Lab last March and April, the “Global Corporate IT Security Risks Survey” elicited responses from 5,878 businesses across 29 countries. Among this data set, 1,062 small-to-medium-sized businesses and 863…

Google’s desktop update for Chrome squashes two bugs


Google yesterday updated the its browser for Windows, Mac and Linux machines, fixing two vulnerabilities, including one considered high in severity. In a blog post, Google described the more serious bug as a “function signature mismatch” in WebAssembly binary language. The vulnerability has yet to be assigned a CVE number, but it did manage to…

‘Pass’ words: Philadelphia Eagles are the NFL team most often referenced in credentials


Proud Philadelphia Eagles fans might want to think of a more secure way to honor their Super Bowl-winning NFL franchise than using their team name as a user password. But an analysis of 61.5 million anonymized passwords found more references to “Eagles” and other team-related keywords than any other NFL franchise, according to a just…

ProtonVPN and NordVPN reinforce incomplete patch for code execution bug


Two OpenVPN-based virtual private network clients have reportedly updated their software after a researcher discovered that a previous attempt to patch an arbitrary code execution vulnerability was not entirely effective. According to Cisco Systems’ Talos division, the bugs in Switzerland-based ProtonVPN (CVE-2018-4010) and Panama-based NordVPN (CVE-2018- 3952) can allow attackers in Windows environments to use…

Patched bug could have allowed attackers to remotely disconnect PLC devices from ICS systems


Energy management and automation firm Schneider Electric updated its Modicon M221 programmable logic controller for industrial controls systems after researchers discovered a vulnerability that could allow attackers to remotely disconnect the device. The flaw, designated CVE-2018-7789, is classified as an improper check for unusual or exception conditions. While such conditions wouldn’t normally occur, attackers can deliberately trigger them by sending…

Mozilla Firefox update includes repair for critical memory safety bugs


The Mozilla Foundation on Wednesday issued updates for the classic Firefox web browser and its Extended Support Release, in the process fixing nine vulnerabilities, one deemed critical. Six of the nine errors were discovered in both Firefox and Firefox ESR, while the reminder were located in only the former. The most serious flaw, designated CVE-2018-12376,…

Next post in News