Vulnerability | SC Media

WhatsApp patches flaw allowing easy installation of Pegasus spyware

Facebook posted a security advisory for a buffer overflow vulnerability in its subsidiary WhatsApp that could allow an attacker to install Pegasus spyware on victims’ devices. The spyware, developed by the Israeli NSO Group, allows its users to turn on a phone’s camera and mic, scan emails and messages, and collect the user’s location data and can…

Drupal core patches moderately critical vulnerability

Drupal core released a patch for a moderately critical vulnerability in third-party libraries that could allow bypassing the protection of the Phar Stream Wrapper Interceptor. The vulnerability occurs when untrusted data is used to abuse the logic of the application, according to TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor. “In order to intercept file…

Uptick in IoT related data breaches as unsecured devices increase

A recent Ponemon Institute study found that there has been a dramatic increase in IoT-related data breaches specifically due to an unsecured IoT device or application since 2017. The study found these breaches account for 26 percent of incidents, up from 15 percent, although the actual number may be greater as most organizations aren’t aware of…

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Man-in-the-Middle vulnerabilities in D-Link cameras

A series of vulnerabilities in the D-Link DCS-2132L cloud camera allow attackers to remotely tap into the video streams of the devices and also manipulate the device’s firmware. The vulnerabilities included unencrypted cloud communication, insufficient cloud message authentication and unencrypted LAN communication, according to a May 2, 2019 ESET blog post. A threat actor can…

EA Origin client bug allows threat actors to run remote code

A vulnerability in the Electronic Arts (EA) online gaming platform Origin could allow an attacker to trick unsuspecting gamers into remotely running malicious code on their computer. Security researchers Daley Bee and Dominik Penner of Underdog Security discovered the bug affecting tens of millions of Windows users with the Origin app installed, according to TechCrunch.…

April Microsoft Patch Tuesday addresses two actively exploited zero-days

Microsoft’s April 2019 Patch Tuesday release included fixes for 74 vulnerabilities, 15 of which were classified as critical and most of which affect the Windows operating system itself, as well as two actively exploited vulnerabilities. The actively exploited vulnerabilities included two Win32K Elevation of Privilege vulnerabilities, one of which was discovered by the Alibaba Cloud Intelligence Security…

Facebook patches denial-of-service flaw in its open-source Fizz TLS implementation

Facebook last month patched a critical denial-of-service vulnerability in Fizz, its open-source implementation of the Transport Layer Security protocol TLS 1.3, researchers have reported. Unauthenticated remote attackers could exploit the flaw to create an “infinite loop,” causing the web service to be unavailable for other users and thus disrupting service, according to a March 19 blog…

Xiaomi electric scooter vulnerability allows remote hacks

The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation. The scooters are enabled with Bluetooth access, which allows the user to interact with the scooters for multiple features including its Anti-Theft System, Cruise-Control,…

#WatchOut children’s watch vulnerabilities have gotten

More than a year after announcing the #WatchOut vulnerabilities in Gator brand children’s smartwatches, researchers revisited the platform and found even greater vulnerabilities in Gator and other children’s smartwatch manufacturers. While the initial vulnerabilities spotted in October 2017 allowed unauthorized access, remote audio surveillance, location spoofing, and SOS compromise, recent tests conducted by the Pen…

Apple releases updates for iOS, macOS, tvOS, watchOS and other products

Apple on Tuesday released updates to address vulnerabilities in several of its products including its macOS and iOS operating systems. The iOS updates include a patch for a FaceTime vulnerability that would allow a remote attacker to infiltrate a FaceTime call, causing arbitrary code execution, and that affected iPhone 5s and later, iPad Air and later, and…
