Security News

Someone has been scanning the internet in search of SAP systems affected by the recently disclosed vulnerability dubbed RECON. The scanning activity started just as a researcher released a proof-of-concept exploit. Onapsis, a company specializing in the protection of business-critical applications, revealed on Tuesday that many SAP products that use the NetWeaver AS Java technology stack could be exposed to remote attacks due to a critical vulnerability tracked as CVE-2020-6287 and dubbed RECON. A remote and unauthenticated attacker who has access to the targeted system can exploit CVE-2020-6287 to create a new SAP admin user, allowing them to gain full control of the system.

Network administrators are urged to patch their F5 BIG-IP application delivery controllers following the disclosure of a pair of critical remote takeover bugs. The flaws in question, CVE-2020-5902 and CVE-2020-5903, lie within in a configuration tool known as the Traffic Management User Interface.

D-Link announced their new 5G solutions that create a world of wireless possibilities whether at home, at the office, or on the go. 5G networks elevate mobile internet connectivity and enhance IoT technology and devices to a level that has never been experienced before.

Avaya Holdings announced that its Avaya Collaboration Unit, a simple to use, all-in-one video meeting solution, has received a 2020 INTERNET TELEPHONY Product of the Year Award. As the global workforce adapts to new ways of collaborating, meeting and engaging, The Avaya Collaboration Unit represents a breakthrough stand-alone solution that turns any space - including a home office or workplace huddle rooms - into a cloud-enabled collaboration room.

Interesting story of how the police can identify someone by following the evidence chain from website to website. According to filings in Blumenthal's case, FBI agents had little more to go on when they started their investigation than the news helicopter footage of the woman setting the police car ablaze as it was broadcast live May 30.

Many providers of tracking services advertise secure data protection by generalizing datasets and anonymizing data in this way. Tracking services collect large amounts of data of internet users.

There has been a shift in internet traffic patterns coinciding with an increase in DDoS and other types of network attacks in recent months as organizations across industries quickly transitioned to remote workforces and individuals under stay-at-home orders began relying on the internet more heavily, according to Neustar. The pandemic effect was clear in traffic to specific websites, such as the 250% increase in queries for a popular collaboration platform as lockdowns commenced and the sharp rise in traffic to the website of a N95 masks manufacturer.

The Department of Homeland Security and CISA ICS-CERT today issued a critical security advisory warning about over a dozen newly discovered vulnerabilities affecting billions of Internet-connected devices manufactured by many vendors across the globe. According to Israeli cybersecurity company JSOF-who discovered these flaws-the affected devices are in use across various industries, ranging from home/consumer devices to medical, healthcare, data centers, enterprises, telecom, oil, gas, nuclear, transportation, and many others across critical infrastructure.

Hundreds of thousands of sensitive dating app profiles - including images of "a graphic, sexual nature" - were exposed online for anyone stumbling across them to download. Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records. "Aside from exposing potentially millions of users of the apps to danger, the breach also exposed the various apps' entire AWS infrastructure through unsecured admin credentials and passwords," vpnMentor's researchers wrote.

High impact vulnerabilities in modern communication protocol used by mobile network operators can be exploited to intercept user data and carry out impersonation, fraud, and denial of service attacks, cautions a newly published research. The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm Positive Technologies last week.