20 Sep 2019

Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal

Two years after a vulnerability in payment software used by municipalities across the United States resulted in a breach exposing the payment card details of hundreds of thousands of US citizens, threat actors have managed to attack the Click2Gov software once again. In August of this year, attackers exploited another

17 Sep 2019

LastPass Patches Bug Leaking Last-Used Credentials

The Chrome and Opera browser extensions for the freemium password manager LastPass contained a vulnerability that could be exploited to make the application leak login credentials, a security researcher with Google recently discovered. In order to exploit the bug, threat actors needed to get victims to visit a malicious website

17 Sep 2019

Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs

New research by Independent Security Evaluators has uncovered a total of 125 security vulnerabilities in small office/home office (SOHO) routers and network-attached storage devices (NAS). The researchers tested 13 devices in total, from vendors including Asus, Lenovo and Netgear. The report warns that all of the devices under scrutiny “had

12 Sep 2019

Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers

A recently uncovered vulnerability in Instagram’s contact importer could have allowed threat actors to access private user data including full names, phone numbers and Instagram account numbers and handles. Facebook, which owns Instagram, has confirmed the flaw and resolved the issue. Exploitation of the vulnerability involved brute-forcing Instagram’s login form.

12 Sep 2019

D-Link, Comba network gear leave passwords open for potentially whole world to see

Security researchers with Trustwave have discovered that certain DSL modems and Wi-Fi routers produced by D-Link and Comba expose user passwords to the Internet as the result of various firmware vulnerabilities. D-Link devices are affected by two firmware bugs, one of which makes it possible to view a file containing

10 Sep 2019

Cyber-security incident at US power grid entity linked to unpatched firewalls

In March of this year, a cyber incident affected firewalls at multiple power generation sites across the US. According to a recent report by the North American Electric Reliability Corporation (NERC), the attack was less serious than initially thought, and did not significantly impact electricity supply. The attackers exploited “a

10 Sep 2019

Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

Cybersecurity researchers with Vulnerability Lab have uncovered two security vulnerabilities in Imperial Dabman IoT radios that could enable attackers to gain control over more than a million devices and use them to plant malware, enslave them into a botnet, and retrieve sensitive data including the Wi-Fi password of the network

09 Sep 2019

Millions of Exim servers vulnerable to root-granting exploit

A critical vulnerability in Exim software, which is used by 57% of all email servers worldwide, can enable attackers to run malicious code on impacted servers with administrative (root) privileges, the Exim team warned last Friday. The company has released a patch to address the issue. The flaw affects servers

06 Sep 2019

600,000 GPS trackers for people and pets are using 123456 as a password

Security researchers with Avast have discovered a range of critical flaws affecting around 600,000 GPS trackers designed for monitoring the location of children, seniors, and pets. The flaws include the presence of the same default password (123456) in all devices and the insecure transmission of data in plaintext. The vulnerabilities

05 Sep 2019

Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn

Security researchers with the Zero Day Initiative (ZDI) are warning that Google has failed to include a high-severity privilege escalation vulnerability in the collection of security patches it released for the Android platform this week. The bug affects the v4l2 (Video4Linux 2) driver used in Android devices. ZDI disclosed the
