Misconfigured Firebase Databases Exposing Data in Mobile Apps
Five percent of the databases are vulnerable to threat actors: It's a gold mine of exploit opportunity in thousands of mobile apps, researchers say. [...]
Five percent of the databases are vulnerable to threat actors: It's a gold mine of exploit opportunity in thousands of mobile apps, researchers say. [...]
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck. [...]
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old "security by obscurity" ways. [...]
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. [...]
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. [...]
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. [...]
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure. [...]
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. [...]
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers. [...]
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser. [...]
Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) (credit: T3 Magazine/Getty Images) Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them to unlock …
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Android’s Hardware-Backed Keystore in Samsung’s Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered and provide a detailed …
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. [...]
TechCrunch is reporting — but not describing in detail — a vulnerability in a series of stalkerware apps that exposes personal information of the victims. The vulnerability isn’t in the apps installed on the victims’ phones, but in the website the stalker goes to view the information the app collects …
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations. [...]
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that's found in a massive number of VoIP implementations. [...]
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks' favorites, ProxyShell and ProxyLogon – as initial infection vectors. [...]
A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking. [...]
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in. [...]
One cryptography expert said that 'serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics, are 'embarrassingly bad.' [...]
Enlarge (credit: Getty Images) Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted subscribers, customers …
Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. [...]
An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders. [...]
The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks. [...]
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit. [...]