Industry News
-
Weekly News Digest #22
Singtel Hacking Resulting Customers And Employees Data Leakage A security breach of a third-party file-sharing system led to the leakage of personal information of 129.000 clients and former Singtel employees. The data of 23 enterprises, credit card details of the staff of a corporate client were also revealed. After the investigation, the company stated that
-
Weekly News Digest #21
Adobe Flaw Vulnerability Hovers Widows Users Windows Users were prevented from a critical Adobe flaw from which hackers benefit. In their Tuesday’s notification, Adobe mentioned their vulnerability (CVE-2021-21017)in “limited attacks”. Such an error occurs as a result of memory overwhelming with dynamic variables. If a buffer-overflow happens, it leads to the incorrect behavior of a
-
Weekly News Digest #20
A zero-day vulnerability in SonicWall products actively exploited in the wild In SonicWall enterprise security products was find a zero-day vulnerability that is actively exploited in the wild. In January security provider SonicWall confirmed a “highly sophisticated, coordinated” attack on its systems. The company, which develops networking tools, cybersecurity products, and cloud platform solutions, said
-
Weekly News Digest #19
Grindr fined $10m for ‘grave’ GDPR violations by Norwegian privacy watchdog Grindr, the popular LGBT dating app, has been fined €10 million ($12 million) for GDPR violations by Norway’s data privacy regulator because sensitive user data was apparently shared with third parties without valid consent. The Norwegian Data Protection Authority (Datatilsynet) centres on the fact
-
Weekly Digest #18
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices This week researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System (DNS) responses for home and commercial routers and servers. The set of seven flaws consist of buffer overflow issues and weaknesses, allowing for DNS cache-poisoning attacks
-
Weekly Digest #17
Critical zero-day RCE in Microsoft Office 365 A remote code execution (RCE) vulnerability in Microsoft Exchange Online remains unresolved after security researchers bypassed two patches for successive exploits. The zero-day flaw impacts multiple Software as a Service (SaaS) providers and on-premise installations of Exchange Server. Microsoft assigned the initial flaw (CVE-2020-16875) as a high-risk classification
-
Weekly Digest #16
The new side-channel attack can recover encryption keys from Google Titan security keys The Google Titan and YubiKey hardware vulnerability allow threat actors to recover the primary encryption key used by the hardware security key to generate cryptographic tokens for two-factor authentication (2FA) operations. Once obtained, the two security researchers say the encryption key, an
-
Weekly Digest #15
DHS warns against using Chinese hardware and digital services The DHS (US Department of Homeland Security) has published a “business advisory” warning US companies against using hardware equipment and digital services created or linked to Chinese companies. These Chinese products could contain backdoors, bug doors, or hidden data collection mechanisms that could be used by
-
Weekly Digest #14
The NSA Warns That Russia Is Attacking Remote Work Platforms VMWare vulnerability has prompted a warning that companies and government agencies need to patch as soon as possible. 2020 was not an easy year, an unprecedented portion of the world’s office workers was forced to work from home as a result of the COVID-19 pandemic.
-
Weekly Digest #13
1.Cybersecurity Firm FireEye Got Hacked; Red-Team Pentest Tools Stolen We advise our clients to make penetration tests and bug bounties regularly. Instead, often hear from our future clients the same answer – “Yes, you know what a robust IT department we have, no one will ever hack us! ” No one can ever be 100%
-
Weekly News Digest #11
The Feds Seized $1 Billion in Stolen Silk Road Bitcoins Seven years ago, Ross Ulbricht was arrested in the science fiction section of a San Francisco library and charged with running the sprawling, dark web drug bazaar known as the Silk Road. When the FBI laid hands-on Ulbricht’s laptop that day, they found keys to
-
Weekly News Digest #10
NVIDIA Patches Critical Bug in High-Performance Servers NVIDIA published a patch for a critical bug in their high-performance DGX servers that could open the door for a remote intruder to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies. Vulnerable NVIDIA DGX servers are affected by DGX-1, DGX-2,
Subscribe to Hacken emails
Enter your email and be the
first to know all the news posted on Hacken Research
