Most IoT devices are being compromised by exploiting rudimentary vulnerabilities

Cybercriminals are looking for ways to use trusted devices to gain control of Internet of Things (IoT) devices through password cracking and by exploiting other vulnerabilities, such as exploitation via voice assistants, according to the latest Mobile Threat Report unveiled by McAfee. With over 25 million voice assistants in use across the world, these…

Critical Drupal Vulnerability Allows Remote Code Execution

The security hole, tracked as CVE-2019-6340, is caused by the lack of proper data sanitization in some field types, which, in some cases, can allow an attacker to execute arbitrary PHP code, Drupal developers said. The issue was discovered by Samuel Mortenson of the Drupal Security Team. Exploitation of CVE-2019-6340 is possible if the core…

Apple Patches FaceTime Spying Vulnerability

Apple described the flaw, tracked as CVE-2019-6223, as a logic issue in the handling of Group FaceTime calls. The company says the problem has been addressed with “improved state management.” The bug allowed an attacker to spy on FaceTime users by calling the targeted user and adding the attacker’s own number to a group chat…

4 Payment Security Trends for 2019

Visa’s chief risk officer anticipates some positive changes ahead. Change that leads to improvement is usually good, in my opinion, and in my role at Visa, I anticipate some healthy changes ahead for the payment industry. Of course, no one can perfectly predict what is to come, but here is my take on four notable…

eCommerce credit card fraud is nearly an inevitability

Riskified surveyed 5,000 US-based consumers aged 18 and older about their online shopping behaviors, experience with and prevalence of credit card fraud, repeat shopping likelihood and customer satisfaction to develop a full picture of how consumers react to a number of common shopping experiences. The results are worrisome for both consumers and merchants, as roughly…

Code Execution Vulnerability Impacts Linux Package Manager

Tracked as CVE-2019-3462, the software bug could be exploited by hackers able to perform network man-in-the-middle (MitM) attacks to inject content and have it executed on the target machine with root privileges. Malicious package mirrors can also exploit the bug. “The code handling HTTP redirects in the HTTP transport method doesn’t properly sanitize fields transmitted…