As reported by The Register, researchers from the University of New Mexico have found a bug in the way Unix-flavored systems handle TCP connections, which could put VPN users at risk of having their encrypted traffic hijacked. CVE-2019-14899 is a security weakness that they report to be present in “most” Linux distros, along with Android, iOS, and macOS. If exploited, encrypted VPN traffic could potentially be hijacked and disrupted by miscreants on the network. Once the victim has connected to their VPN, the spy would be able to tamper with the TCP stream to do things like inject packets into the stream.
ISBuzz Team
Earlier this week, a cybersecurity Twitter account inadvertently revealed a zero-day vulnerability affecting software company Atlassian. According to @SwiftOnSecurity, Atlassian provided a domain that resolved to a local server with a common SSL certificate for its Confluence cloud service. This vulnerability would allow anyone with sufficient technical knowledge to conduct a man-in-the-middle attack, redirecting app traffic to a malicious site.
It has been reported that a contractor working for mobile giant Sprint stored hundreds of thousands of cell phone bills of AT&T, Verizon and T-Mobile subscribers on an unprotected cloud server. The AWS storage bucket had more than 261,300 documents, the vast majority of which were phone bills belonging to cell subscribers dating as far back as 2015. It was not protected with a password, allowing anyone to access the data inside. It’s not known how long the bucket was exposed.
Experts commented below on Sweaty Betty’s data breach caused by cyber-criminals inserting malicious code into its eCommerce website to capture customer card details during the checkout process.
Cybersecurity firm AppRiver released its Q4 Cyberthreat Index for Business Survey, highlighting the threats facing small- and medium-sized businesses (SMBs) as we transition into 2020. The survey features the opinions of more than 1,000 cybersecurity officials working at SMBs throughout the United States. According to the survey, 93% of all executives think nation-states outside of the country are intent on attacking security digitally or waging “an invasion fought in cyberspace using businesses such as theirs as entry points.” AppRiver’s survey found that the figure rose to a whopping 97% when it came to larger SMBs and two-thirds of respondents said…
HackerOne, a leading vulnerability reporting platform that has paid hackers more than $23M on behalf of 100+ customers, has paid a $20,000 bounty out of its own pocket after accidentally giving an outside hacker the ability to read and modify some customer bug reports. The outsider was a HackerOne community member who had a proven track record of finding and privately reporting vulnerabilities through the platform. Through communicating late last month with one of the company’s security analysts, the same outsider sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it…
The Data Care Act was introduced in the Senate on Tuesday, to add a new layer of accountability for companies that fail to secure users’ personal data online.
Senators Renew Effort to Safeguard People’s Data Online
The bill would make companies subject to fines from the Federal Trade Commission if they poorly protect data.
It is being reported that Nebraska Medicine’s data breach was caused by a former employee accessing sensitive patient data. The demographic information of patients that may have been exposed includes names, dates of birth, medical record numbers, Social Security numbers, driver’s license numbers, and clinical information. https://twitter.com/threatpost/status/1202392142393442304
Ars Technica has reported that a group of international researchers have reached a new milestone in the annals of cryptography with the factoring of the largest RSA key size ever computed and a matching computation of the largest-ever integer discrete logarithm. New records of this type occur regularly as the performance of computer hardware increases over time. The records announced on Monday evening are more significant because they were achieved considerably faster than hardware improvements alone would predict, thanks to enhancements in software used and the algorithms it implemented.
A recent FBI report warned smart TV users that hackers can also take control of your unsecured TV. “At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you,” explained the FBI. The risk isn’t new. A few years ago, smart TVs from LG, Samsung, and Vizio were spying and reporting on your viewing habits to their manufacturers. Today, the FBI is warning that “TV manufacturers and app developers may be listening and watching you.”…
