#security-flaws

Bugs in a major McDonald's India delivery system exposed sensitive customer data | TechCrunch

McDonald's India delivery system flaws exposed personal data and allowed unauthorized access to customer and driver information.
Vulnerabilities in their API were identified by a security researcher, leading to potential data risks.
#cybersecurity

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

Microsoft patched 90 security flaws, including six zero-days under active exploitation, emphasizing the need for urgent security updates.

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service

Microsoft Azure Health Bot Service had security vulnerabilities allowing access to sensitive patient data, now patched.

Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform

Two security flaws in Google's Vertex AI platform could be exploited for privilege escalation and sensitive data exfiltration.

#vulnerabilities

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share

As many as 10 security flaws were discovered in Google's Quick Share utility, leading to a potential remote code execution threat on systems with the software.

November delivers a heap of Microsoft patches for admins

Microsoft's Patch Tuesday addresses 89 CVE security flaws, including two under active attack, highlighting significant vulnerabilities in Windows Task Scheduler and NTLM code.

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft is addressing two vulnerabilities allowing downgrade attacks on Windows update architecture.
The vulnerabilities, discovered by SafeBreach Labs researcher Alon Leviev, could lead to privilege escalation and security flaw reintroduction.
A tool called Windows Downdate can exploit the vulnerabilities to make fully patched Windows systems vulnerable to past exploits.

Microsoft security bypass bug said to be under exploit

Microsoft fixed 149 security flaws on Patch Tuesday.
A vulnerability, CVE-2024-26234, was actively exploited with a backdoor in Windows.

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors

Modern AMD and Intel CPUs are still vulnerable to speculative execution attacks, revealing persistent security issues despite prior mitigations.

Ecovacs says it will fix bugs that can be abused to spy on robot owners | TechCrunch

Ecovacs initially downplayed security flaws in their robots but later committed to addressing vulnerabilities after researchers highlighted significant risks.

Almost unfixable "Sinkclose" bug affects hundreds of millions of AMD chips

Security flaw found in AMD processors spanning over a decade poses a serious risk of malware infection that may require discarding the affected machine.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Four medium-severity security flaws in OpenVPN disclosed by Microsoft can lead to RCE and LPE, requiring user authentication and advanced knowledge of OpenVPN.
The vulnerabilities could result in full control over targeted endpoints, data breaches, system compromise, and unauthorized access to sensitive information.

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Security flaws in Roundcube webmail could allow theft of sensitive information through malicious JavaScript.
#consumer-reports

This 'Amazon's Choice' video doorbell could let just about anyone spy on you

Some retailers continue to sell vulnerable doorbell cameras despite security concerns.
Consumer Reports highlights lax security on Aiwit doorbell cameras sold under different brands.

Popular video doorbells can be easily hijacked, researchers find | TechCrunch

Internet-connected doorbell cameras have security flaws that make them easy to hack.
Consumer Reports found security and privacy flaws in EKEN doorbell cameras, prompting removal from some online marketplaces.

Surprise, this $30 video doorbell has serious security issues

Video doorbells under various brands from the Chinese company Eken have serious security flaws, exposing users' IP address and WiFi network name.
Ownership and control of these doorbells can be easily taken over by hackers via the Aiwit app, potentially compromising users' safety and privacy.

Veracode Report Shines Spotlight on Massive Application Security Debt - DevOps.com

42% of applications have flaws that have gone unfixed for over a year.
46% of organizations have critical security debt.

GSA used 'egregiously flawed' data to clear purchase of Chinese-made cameras, watchdog says

The General Services Administration (GSA) used flawed market research in purchasing Chinese-made video conferencing cameras that did not comply with U.S. trade standards.
The cameras have known security flaws that can be exploited to access camera owners' networks.

Emergency patches released for EOL Zyxel NAS boxes

Critical security flaws reported by an intern at Outpost24 in Zyxel's obsolete NAS devices led to patches being released despite EOL status.

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

APT40, a China-linked cyber espionage group, swiftly exploits new security flaws; it has targeted various countries since 2013 and was attributed to China's Ministry of State Security in 2021.