Security News > 2020
December's story of the researcher who tricked Twitter's Android app into matching random phone numbers to 17 million user accounts just took a turn for the worse. The flaw related to Twitter's contact upload feature, by which users upload their contact book to enable them to connect to other Twitter users whose email or phone number matches the data.
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that's also connected to your computers, smartphones, and other smart devices. In the latest research shared with The Hacker News, Check Point experts today revealed a new high-severity vulnerability affecting Philips Hue Smart Light Bulbs that can be exploited over-the-air from over 100 meters away to gain entry into a targeted WiFi network.
A patch has been released for a vulnerability in Sudo that can be exploited by an unprivileged attacker to gain full root permissions on the targeted system. Sudo is a popular utility that system administrators can use to allow users to execute some commands as root or another user.
As currently used in the cloud, IaC can expose organizations to certain risks. In its Cloud Threat Report for Spring 2020, Unit 42, the global threat intelligence team at Palo Alto Networks, looked at how organizations use IaC and cloud-based environments to manage their infrastructure.
The Gamaredon advanced persistent threat group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December.
Manufacturing facilities and processing centers using AutomationDirect C-more Touch Panels are advised to upgrade their firmware ASAP, as older versions contain a high-risk vulnerability that may allow attackers to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device. Manufactured by US-based AutomationDirect, the vulnerable C-more Touch Panels EA9 series are human-machine interfaces capable of communicating with a wide variety of programmable logic controllers.
The hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure. USB armory Mk II. The USB armory Mk II entrenches security in its lowest levels and is suitable for a wide range of applications - such as custom hardware security modules, cryptocurrency wallets, secure authentication and licensing tokens, and more - that need the efficiency and flexibility of an embedded computer without sacrificing security.
Irish regulators have launched separate inquiries into Google and dating app Tinder over how they process user data, in a new round of regulatory scrutiny aimed at tech companies. Ireland's Data Protection Commission said Tuesday that it decided to look into how Google handles location data after a number of consumer groups across the European Union filed complaints.
Most DDoS attacks in 2019 were directed toward companies in the gaming and gambling sectors, the report found. Released on Wednesday, Imperva's annual Global DDoS Threat Landscape Report looks at the greater scale, effective strategies, and higher frequency of DDoS attacks.
In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can't connect wirelessly or physically with other computers or network devices. How Does the Brightness Air-Gapped Attack Work? In his latest research with fellow academics, Mordechai Guri, the head of the cybersecurity research center at Israel's Ben Gurion University, devised a new covert optical channel using which attackers can steal data from air-gapped computers without requiring network connectivity or physically contacting the devices.