Vulnerability | SC Media

Vulnerability

Fixed Apple sign-in bug could have enabled hijacking of 3rd-party accounts

A security researcher in Delhi, India, reported that Apple paid him $100,000 through its bug bounty program for finding a vulnerability in its Sign in with Apple feature that could have resulted in the takeover of users’ third-party website and app accounts. In a May 30 blog post, researcher Bhavuk Jain explains how he detected the bug that could have fully compromised third-party user accounts, regardless…

Hacker group announces jailbreak for iOS 11 – 13.5

Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver. The jailbreak is reportedly made possible thanks to a zero-day kernel vulnerability discovered by Unc0ver hacker @Pwn20wnd. [1, 2, 3] Jailbreaks are hotly anticipated events for certain tech…

Report: FBI issues alert after two municipalities hacked via SharePoint

The FBI this month reportedly issued an alert to its private industry partners, warning that a probable nation-state hacking group had recently compromised the networks of two U.S. municipalities via unpatched, vulnerable Microsoft SharePoint servers. According to the report, from ZDNet, the flaw the hackers reportedly abused was CVE-2019-0604, a remote code execution bug caused by…

Report: Hacker steals Dutch prostitution forum data

Hookers.nl, a Dutch online forum for prostitutes, escorts and their clientele, has reportedly suffered a data breach that has exposed the details of 250,000 users, whose data is being offered for sale. Compromised information includes email addresses, usernames, IP addresses and passwords. Usernames are typically aliases but certain real names can likely be derived from…

BitPaymer ransomware attackers exploit Apple flaw to bypass detection

Apple has patched a vulnerability in iCloud for Windows and iTunes for Windows that malicious actors had been exploiting to evade antivirus and endpoint detection and response systems as they attempted to infect machines with ransomware. Specifically, the zero-day flaw was discovered in Bonjour – a mechanism for delivering future updates and also for helping…

Autonomous vehicle sensors tricked by “invisible” drone projections of road signs

A group of researchers developed an attack to trick “Level 0” autonomous vehicle sensors by using drones that project images too quick for humans to see but slow enough for the vehicle’s sensors. Level 0 autonomy systems advise human drivers but don’t directly operate the vehicle, and Ben Gurion University security researchers performed the experiment…

DHS warns small aircraft are vulnerable to cyberattacks from those with physical access

The Department of Homeland Security (DHS) issued a warning that small aircraft can easily be hacked by threat actors who have physical access to the vehicles. By hacking into the aircraft’s CAN bus system, threat actors can take control of key navigation systems and easily manipulate telemetry data, potentially resulting in loss of control of…

Google researchers discover six iPhone vulnerabilities, one unpatched

Google Project Zero researchers discovered six iPhone security vulnerabilities, one of which remains unpatched, and four of which could lead to the execution of malicious code. All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according…

Multiple advisories for various VPN providers

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of multiple vulnerabilities in Virtual Private Network (VPN) applications. The vulnerabilities are in the Palo Alto GlobalProtect portal and GlobalProtect Gateway interface products, FortiGuard FortiOS system product, and Pulse Security Pulse Connect Secure / Pulse Policy Secure products and could allow threat actors to take…
