Security News
Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely. According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.
Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely. According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. A second vulnerability concerns ASE Cockpit, a web-based administrative console that's used for monitoring the status and availability of ASE servers.
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. A second vulnerability concerns ASE Cockpit, a web-based administrative console that's used for monitoring the status and availability of ASE servers.
"Don't spread disinformation and right now, all signs point to just that - the alleged Minneapolis Police Department 'breach' is fake," he wrote, in an analysis posted on Monday, adding that the data is likely not from the MPD at all, but rather a collection of widely available credentials from earlier breaches, and possibly some made-up combinations, that have been assembled into a new database for the purpose of perpetrating this hoax. Passwords like the all-lowercase "Linkedin"; "Le"; PIN-like passwords like "1603"; and the notoriously insecure "Password," "Qwerty" and "123456" are all represented.
On Friday, ProPublica and The Atlanta Journal-Constitution revealed that the Georgia Bureau of Investigation found "No evidence of damage to network or computers, and no evidence of theft, damage, or loss of data." Kemp's hacking claim followed a report from a voter with software development experience about access control vulnerabilities in the state's My Voter Page and its online voter registration system.
On Friday, ProPublica and The Atlanta Journal-Constitution revealed that the Georgia Bureau of Investigation found "No evidence of damage to network or computers, and no evidence of theft, damage, or loss of data." Kemp's hacking claim followed a report from a voter with software development experience about access control vulnerabilities in the state's My Voter Page and its online voter registration system.
"Hack-for-hire" organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims' Google credentials. Researchers with Google's Threat Analysis Group warned that they've spotted a spike in activity from several India-based firms that have been creating Gmail accounts that spoof the World Health Organization to send coronavirus-themed phishing emails.
Hackers are threatening to release 756GB of A-list celebs' contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact details, and other information belonging to superstars, including Madonna, Christina Aguilera, Sir Elton John, Run DMC, Bruce Springsteen, Barbra Streisand, and Lady Gaga, and their representatives.
Threat actors are actively targeting a vulnerability in the Elementor Pro plugin for WordPress to compromise websites, WordPress security company Defiant warned this week. With an estimated install base of over 1 million websites, Elementor Pro is the paid version of the free Elementor plugin, a drag and drop page builder.