Vulnerability | SC Media

Vulnerability

Report: Hacker steals Dutch prostitution forum data

Hookers.nl, a Dutch online forum for prostitutes, escorts and their clientele, has reportedly suffered a data breach that has exposed the details of 250,000 users, whose data is being offered for sale. Compromised information includes email addresses, usernames, IP addresses and passwords. Usernames are typically aliases but certain real names can likely be derived from…

BitPaymer ransomware attackers exploit Apple flaw to bypass detection

Apple has patched a vulnerability in iCloud for Windows and iTunes for Windows that malicious actors had been exploiting to evade antivirus and endpoint detection and response systems as they attempted to infect machines with ransomware. Specifically, the zero-day flaw was discovered in Bonjour – a mechanism for delivering future updates and also for helping…

Autonomous vehicle sensors tricked by “invisible” drone projections of road signs

A group of researchers developed an attack to trick “Level 0” autonomous vehicle sensors by using drones that project images too quickly for humans to see but slowly enough for the vehicle’s sensors. Level 0 autonomy systems advise human drivers but don’t directly operate the vehicle. Ben Gurion University security researchers performed the experiment…

DHS warns small aircraft are vulnerable to cyberattacks from those with physical access

The Department of Homeland Security (DHS) issued a warning that small aircraft can easily be hacked by threat actors who have physical access to the vehicles. By hacking into the aircraft’s CAN bus system, threat actors can take control of key navigation systems and easily manipulate telemetry data, potentially resulting in loss of control of…

Google researchers discover six iPhone vulnerabilities, one unpatched

Google Project Zero researchers discovered six iPhone security vulnerabilities, one of which remains unpatched, and four of which could lead to the execution of malicious code. All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according…

Multiple advisories for various VPN providers

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of multiple vulnerabilities in Virtual Private Network (VPN) applications. The vulnerabilities are in the Palo Alto GlobalProtect portal and GlobalProtect Gateway interface products, FortiGuard FortiOS system product, and Pulse Security Pulse Connect Secure / Pulse Policy Secure products and could allow threat actors to take…

Banner vulnerability allows remote access to records of more than 60 colleges

At least 62 colleges were affected by a software vulnerability in a program called Banner, operated by Ellucian, that allows threat actors to infiltrate colleges’ private records. The vulnerability, CVE-2019-8978, was reported in May 2019 and allows an attacker to log in to the Banner system with an institutional account and leverage scripts in the…

Cisco releases updates, one ‘Critical,’ two ‘High’ severity ratings

Cisco released security updates for multiple products, some of which contain vulnerabilities that if exploited would allow an attacker to take control of an affected system. The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software…

Drupal patches access bypass vulnerability

Drupal released a security update to patch an access bypass vulnerability in Drupal Core which could allow an attacker to take control of an affected website. The problem exists in Drupal 8.7.4: when the experimental Workspaces module is enabled, an access bypass condition is created. It can be mitigated by disabling the Workspaces module, according…
