Vulnerabilities Archives - Page 67 of 85

Thousands of Organizations Expose Sensitive Data via Google Groups

Issued by: Security Week

Google has issued a warning to G Suite users after researchers discovered that thousands of organizations expose sensitive information through misconfigured Google Groups instances. The Google Groups service allows users to create mailing lists, host internal discussions, and process support tickets. These types of communications can include highly sensitive information, which is why it’s important…

Vulnerabilities

Operator of World’s Top Internet Hub Sues German Spy Agency

Issued by: Security Week

Berlin – The operator of the world’s largest internet hub challenged the legality of sweeping telecoms surveillance by Germany’s spy agency, a German court heard Wednesday. The BND foreign intelligence service has long tapped international data flows through the De-Cix exchange based in the German city of Frankfurt. But the operator argues the agency is…

Vulnerabilities

Tens of Vulnerabilities Found in Pentagon Travel Management System

Issued by: Security Week

HackerOne announced on Wednesday the results of “Hack the DTS,” the fifth bug bounty program run by the U.S. Department of Defense (DOD). The DTS (Defense Travel System) is a fully integrated and automated travel management system created specially for the DOD. The platform is said to be accessed by roughly 100,000 unique users every…

Vulnerabilities

Cyber insurance: Is it worth the investment?

Issued by: CIO Security

Last year, Aon Inpoint reported about 80 percent of buyers of stand-alone cyber premiums were medium-sized to large companies. However, smaller firms are increasingly assessing their cyber exposure risk as concerns about the potential impact of a cyber incident continue to rise. “The majority of breaches worldwide occur at companies with 1,000 employees or less…

Vulnerabilities

Alexa, stop eavesdropping and sending recorded conversations to other people!

Issued by: CSO

Amazon confirmed that a couple’s Echo recorded their private conversation and sent it to another person – all without their knowledge or verbal consent. In this case, Alexa’s eavesdropping was not a hack pulled off security researchers; it was an “unlikely” chain of events which ended up as a privacy fiasco for a Portland couple. The couple…

Vulnerabilities

The Cherry on Top: Add Value to Existing Risk Management Activities With Open Source Tools

Issued by: Security Intelligence

Telling people about the virtues of open source security tools is like selling people on ice cream sundaes: It doesn’t take much of a sales pitch — and most people are convinced before you start. It’s probably not surprising that most security professionals are already using open source solutions to put a cherry on top…

Vulnerabilities

Hide ‘N Seek IoT Botnet Can Survive Device Reboots

Issued by: Security Week

The Internet of Things (IoT) botnet known as Hide ‘N Seek that first emerged in January can now achieve persistence on infected devices, Bitdefender reports. Discovered toward the end of April, the latest version of the malware also includes code that allows it to target more vulnerabilities and new types of devices, the security firm discovered,…

Vulnerabilities

We’re not going on a summer holiday

Issued by: Kaspersky Blog

You know the saying: “If it ain’t broke, don’t fix it.” Cybercriminals seem to have taken that truism to heart, because they continue to reuse the same old scams — and they never fail to find victims. Last summer, social media worldwide were flooded with reposts of fake airline giveaways. We covered it at the time,…

Vulnerabilities

Netflix, Dropbox promise not to sue security researchers, with caveats

Issued by: Help Net Security

Netflix and Dropbox have both noted recently that they won’t sue security researchers who find and disclose vulnerabilities in their products. The only caveat is: the researchers must conduct the research in line with their vulnerability disclosure policy and bug bounty program guidelines.

Vulnerabilities

Hackers Can Abuse Text Editors for Privilege Escalation

Issued by: Security Week

Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…