Vulnerabilities | SC Media

Vulnerabilities

Phishing emails spoof WebEx invites, abuse Cisco open redirect

That WebEx meeting invite you just received may actually be a phishing email that spreads the WarZone remote access trojan by abusing a Cisco open redirect. An open redirect is an app or website vulnerability — caused by improper authentication of URLs — that allows attackers to introduce their own URLs that route users or…

Patched bug allows beaming of malicious apps to NFC-enabled Android devices

Google last month patched an Android bug that could allow attackers to transfer a malicious application to a nearby NFC-enabled device via the Android Beam feature, bypassing security mechanisms in the process. The vulnerability was discovered in early 2019 by the research team at Nightwatch Cybersecurity, which late last month published a company blog post…

Attackers attempt large-scale BlueKeep exploit to spread cryptominer

Almost nearly six months of warnings that Microsoft Windows users must patch the critical Remote Desktop Protocol vulnerability known as BlueKeep, researchers finally have detected the first known attempt at a large-scale attack aimed at exploiting his remote code execution flaw. Since last May, security experts have expressed concern that a BlueKeep exploit attack could…

Google patches Chrome flaw used in mysterious WizardOpium exploit attack

Google last Thursday issued an update to its Chrome browser for Windows, Mac and Linux desktop environments, fixing two high-level vulnerabilities, including one that mysterious attackers have been exploiting as a zero day to deliver malware. The two bugs, fixed in version 78.0.3904.87, were identified as CVE-2019-13721, a use-after-free in PDFium, and CVE-2019-13720 a use-after-free…

We interviewed cyber experts on a Vegas ferris wheel. Then ride security showed up…

In the film “Ocean’s 11,” Danny Ocean and his team of expert cybercriminals execute a daring casino heist in glitzy Las Vegas. This past summer at the Black Hat and DEF CON conferences in Sin City, the editorial staff at SC Media attempted to pull off a less ambitious – and decidedly more legal –…

Facebook sues surveillance tool provider and hosts of hacking websites

Facebook this week filed a lawsuit against a reputed spyware provider that allegedly exploited a WhatsApp vulnerability to enable smartphone hacking, and also pursued legal action against the domain hosts of multiple websites that allegedly offer tools for hacking the social network. On Tuesday, Facebook and its encrypted messaging subsidiary WhatApp filed a complaint against…

Report: Hotel chain modifies bed-facing robots to prevent unwanted spying

A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit. In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the…

Malicious voice apps can turn Alexa and Google Home devices into spies, say researchers

Cybercriminals could potentially develop malicious voice apps that turn Amazon Alexa devices and Google Home smart speakers into spy equipment that eavesdrops on users and even phishes for passwords, according to a new report. The report, from Germany-based Security Research Labs (SRLabs), warns that security lapses in the way Google Home and Alexa devices (such…

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…

Next post in Network Security