Vulnerability | SC Media

Vulnerability

telegrammessageapp_875461

Researchers find Telegram bot chatter is actually Windows malware commands

By

Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands. Forcepoint researchers discovered what it described as a “fairly simple” year old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.…

Bluehost and other popular web hosting sites found to be full of flaws

By

The web-hosting platform Bluehost was found to contain multiple account takeover and information leak vulnerabilities. Independent researcher and bug-hunter Paulos Yibelo has identified four vulnerabilities, one of which is a “High” severity information leak through CORS misconfigurations that could allow attackers to steal personally identifiable information, partial payment details and tokens that can give access…

smartcar_1270586

Schneider Electric car charging station vulnerabilities allowed stolen cables, halted charging

By

Positive Technologies researchers have released details concerning the vulnerabilities patched last month in the Schneider Electric car charging stations. One of the vulnerabilities, (CVE-2018-7800) enables access with maximum privileges to the charging station and could allow an attacker to stop the charging process and switch the device to the reservation mode making it inaccessible to…

Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug

By

Cisco issued 18 fixes for vulnerabilities spanning its product line including a critical flaw which could be triggered by a malicious email and another flaw which could enable a permanent DoS condition forcing the affected device to stop scanning and forwarding messages. The critical flaw is the result of a memory corruption denial of service…

Fiat Chrysler Automobiles logos

U.S. Supreme Court declines to hear Fiat Chrysler appeal in car hacking case

By

The U.S. Supreme court Monday declined to hear Fiat Chrysler’s appeal in a class action lawsuit claiming the automaker knew its vehicles were vulnerable to cyberattacks as early as 2011. The case stems from three car owners who sued the Samsung Electronics Co subsidiary Harman International Industries which manufactures the vehicle’s Uconnect infotainment system, and…

Malicious Google Chrome extension collected users' data for third parties

Google patches Chrome for Android vulnerability, three years after it was reported

By

Google finally got around to patching a three-year-old vulnerability in its Chrome for Android browser, which reveals a phone model and build. Nightwatch Cybersecurity bug bounty researchers identified the vulnerability back in May 2015, according to a Sept. 30, 2015 blog post ,but Google’s Security staff didn’t address the threat until they realized how big the issue…

Multiple privilege escalation vulnerabilities in CleanMyMacX

By

Several privilege escalation vulnerabilities were found in MacPaw’s CleanMyMac X software, all of which will allow an attacker with local access to the victim’s machine to modify the file system as root. Cisco Talos researchers spotted 13 CVE vulnerabilities in the Mac cleanup application designed to free up extra space on a user’s machine by…

Guardzilla IoT Video Camera contains critical credential vulnerability

By

A hard-coded credentials vulnerability in Guardzilla IoT video cameras could grant a moderately skilled attacker unlimited access to all S3 buckets provisioned for the account. The vulnerability (CVE-2018-5560) was discovered during the 0DAYALLDAY Research Event on Sept. 29, 2018 and was publicly disclosed on Dec. 27, 2018 after researchers disclosed the issue to Rapid7 for coordinated…

Ethical hacking growing in popularity as data breaches increase, report

By

As the idea of ethical hacking begins to resonate more with the general public, it has inspired more people ranging from aspiring hackers to seasoned security professionals to join the hacking community and seek out crowdsourced security testing programs to hunt bug bounties. And judging by how 71 percent of cybercriminals can breach a perimeter…

Microsoft Patch Tuesday includes fix for actively exploited zero-day

By

Microsoft addressed nearly 40 vulnerabilities including and actively exploited zero-day, in its December 2018 Patch Tuesday release. Several of the issues were rated critical or important and or dealt with remote code execution flaws in Windows including one vulnerability that was actively being exploited in the wild. “One of the most important flaws is a…

Next post in News