Telnet Backdoor Vulnerabilities Impact Over A Million IoT Radio Devices

It has been reported that that critical vulnerabilities have been discovered in Telestar Digital GmbH Internet of Things (IoT) radio devices that permit attackers to remotely hijack systems. Today, Vulnerability-Lab researcher Benjamin Kunz disclosed the firm’s findings, of which two CVEs have been assigned, CVE-2019-13473 and CVE-2019-13474. Experts Comments September 10, 2019 Tim Mackey + Follow Me – […]

Newly Discovered Cyber-Espionage Malware Abuses Windows BITS Service

ZDNet reported earlier today that security researchers have found another instance of a malware strain abusing the Windows Background Intelligent Transfer Service (BITS). The malware appears to be the work of a state-sponsored cyber-espionage group that researchers have been tracking for years under the name of Stealth Falcon. The first and only report on this hacking group has […]

CirclCI Data Breach Exposed Customer GitHub And Bitbucket Logins

According to this link, https://www.scmagazineuk.com/circlci-data-breach-exposed-customer-github-bitbucket-logins/article/1595997, CircleCI has informed its clients that a third-party analytics vendor suffered an incident exposing login information for their GitHub and Bitbucket accounts. The information compromised included usernames and email addresses associated with GitHub and Bitbucket and IP addresses and user agent strings Additionally, organisation name, repository URLs and names, branch names, […]

Avast Finds Flashlight Apps On Google Play Requesting Up To 77 Permissions

Avast researchers found flashlight apps request 25 permissions on average Avast [LSE: AVST], a global leader in digital security products, has found that Android flashlight applications request an average of 25 permissions. Using apklab.io, Avast’s mobile threat intelligence platform, Avast analysed the permissions requested by 937 flashlight apps that either once made it onto the Google Play […]

Microsoft Phishing Page Bypasses Automated Detection Using Captcha

According to this link, https://www.bleepingcomputer.com/news/security/microsoft-phishing-page-uses-captcha-to-bypass-automated-detection/, a new phishing campaign has been observed in the wild using captcha boxes to hide a fake Microsoft account login page from secure email gateways (SEGs). The attackers were after credentials for Microsoft accounts and created a page that mimics the original for selecting an account and logging in This is […]