[ad_1] The company had previously defended its earlier decisions. The web server only responded to requests from the local computer, Zoom said. It argued that this was more convenient than having to confirm launching the Zoom client every time you wanted to get into a meeting. It also fixed a denial-of-service bug in May, although […]
Category: vulnerability
US Cyber Command warns of nation-state hackers exploiting Outlook
[ad_1] ZDNet noted that a known Iran-backed hacking team, APT33, had used the same vulnerability in December to install back doors on servers and promptly push the flaw to Outlook users. Chronicle Security’s Brandon Levene also found that Cyber Command’s code samples appeared related to APT33’s disk-wiping Shamoon malware. Symantec had also warned of increased […]
EA patched Origin security flaws that put millions of users at risk
[ad_1] The vulnerabilities took advantage of abandoned subdomains, EA Games’ use of authentication tokens and single sign-on and TRUST mechanisms built into the user login process. Had an attack been carried out, it could have been devastating, given that EA is the world’s second largest gaming company and millions of user accounts would have been […]
FEMA’s presidential alerts are an easy target for spoofing attacks
[ad_1] In their paper, the researchers developed and tested a spoofing attack on presidential alerts. They used commercially available hardware and modified open-source software to send messages to nearly every phone in a 50,000-seat stadium with a 90 percent success rate. The vulnerability is due to the fact that WEA alerts use LTE. Alerts are […]
Indian streaming giant broke Safari support to deal with security hole
[ad_1] The company publicly blamed “technical limitations” in Safari for the sudden lack of support, but the tipsters said this wasn’t the truth. They instead said that Hotstar fully intended on restoring Safari support once it had patched the flaw on its side, and the site appeared to have resumed working at the time we […]
Exposed database revealed security details for large hotel chains
[ad_1] The data comes from a common source. Pyramid has been relying on Wazuh, an open source intrusion detection system, and sending data from that software to an unguarded server. It included info dating back to April 19th and mostly focuses on connection info like server logins, internet addresses and firewall data, but it also […]
Mac security hole reportedly lets attackers bypass app safeguards
[ad_1] Apple may have another Gatekeeper security flaw on its hands. Researcher Filippo Cavallarin has detailed a macOS vulnerability that he said would let attackers install malware without the usual permission request. As Gatekeeper considers network sh… [ad_2] Source link
Over 21,000 Linksys routers leaked their device connection histories
[ad_1] The attack appear to be relatively straightforward and involves little more than visiting an exposed router’s internet address and running a device list request. It works whether or not the router’s firewall is turned on, Mursch told Ars Technica, and isn’t affected by a patch Linksys released in 2014. There are potentially serious consequences. […]
Install updates now to address a vulnerability in most Intel CPUs
[ad_1] If you have a computer using an Intel CPU released since 2011 then congratulations — you’ve likely won a vulnerability, since only “select” 8th and 9th gen Core CPUs as well as 2nd generation Xeon Scalable CPUs have hardware protection against the attacks. Patching the holes will require a combination of firmware updates and […]
Old versions of Windows get a new patch to stop WannaCry-style attacks
[ad_1] The company stressed that it had seen “no exploitation” ahead of the patch, but though it was “highly likely” that malware writers would use the security hole. Some systems that have Network Level Authentication have a partial defense, since they require credentials before the flaw is usable. There’s no doubt as to why Microsoft […]