It has been reported that a security firm has found a series of flaws in WhatsApp that could allow hackers to intercept and manipulate messages by changing the identity of a sender or altering their text. This gives the attackers the power to “create and spread misinformation from what appear to be trusted sources,” the researchers said.
ISBuzz Team
Attackers could have used 3fun to create profiles of the users with both typical profile information and physical location data of its users who are billed as kinky, open-minded people. This can be sensitive information that used for harassment and persecution of LGBTQ+ individuals. Due to the multiple security vulnerabilities in the application, researchers were able to manipulate their session details to change data attributes and collect profile information of other registered users. This is where a layered security approach that establishes a trusted device profile is critical to providing a better consumer experience that validates the device and prevents…
Apple opening its bug bounty program up to all researchers is an interesting move–but an anticipated one. Public programs open companies up to more diversity and creativity from a broader crowd of security researchers. Among other updates to the program, Apple is demonstrating that it understands the importance of finding bugs not just when they’re in the hands of customers, but also in the production cycle. In fact, Bugcrowd’s Priority One Report shows that this model is invaluable for vulnerability discovery — over the last year, vulnerability submissions increased by 92% and average payouts increased by a whopping 83%.
Banking and insurance giant State Farm said it suffered a credential stuffing attack during which “a bad actor” was able to confirm valid usernames and passwords for State Farm online accounts. State Farm said it reset account passwords to all impacted accounts to prevent future abuse from the bad actor.
Check Point’s researchers confirm that the vulnerability has impacted 32% of organizations globally in the last month Check Point Research has published its latest Global Threat Index for July 2019. The Research team is warning organizations of a new vulnerability discovered in the OpenDreamBox 2.0.0 WebAdmin Plugin that has impacted 32% of organizations globally in the last month. The vulnerability, ranked the 8th most exploited vulnerability, enables attackers to execute commands remotely on target machines. The exploit was triggered alongside other attacks targeting IoT devices – in particular with the MVPower DVR Remote Code Execution (the third most popular exploited vulnerability…
It has been revealed that Instagram’s lax privacy practices let trusted partner Hyp3r track millions of users’ physical locations, secretly save their stories, and flout its rules. Hyp3r used four key tools to scrape data from Instagram users. First, it utilized an Instagram security hole that allowed it to “zero in on specific locations” and collect all the posts made from those locations. Second, Hyp3r “systematically saved users’ public Instagram stories,” again utilizing that location data. Third, it “scraped public user profiles on a broad basis, collecting information like user bios and followers, which it then combined with the other location information.” Lastly, Hyp3r used…
FISMA provides federal agencies significant leeway when determining the security controls required for compliance. Each agency is responsible for determining the appropriate controls based on their particular risk profile. And while some agencies may dismiss firmware security, that would be a big mistake. Adversaries have noticed that firmware and hardware constitute a serious blind spot for most organizations, and while firmware may have once been the domain of nation-state attackers, it is now easier than ever to develop firmware-based attacks that bypass security and cause serious (even permanent) damage. However, advances in firmware security mean that agencies no longer need…
The Department of Homeland Security (DHS) on Tuesday warned internet users to watch out for potential “malicious cyber activity” that seeks to take advantage of the shootings over the weekend in El Paso, Texas, and Dayton, Ohio.
Facebook has filed a lawsuit today against two Android app developers for infecting their users with malware that faked clicks on ads. Both the Hong Kong-based JediMobi and the Singapore-based LionMobi were a part of the social media giant’s Audience Network. The program lets Facebook’s advertisers host their ads on participating mobile apps, whose developers receive a payout if a user clicks through. In the case of JediMobi and LionMobi, Facebook alleges that many of ad clicks generated through their apps weren’t from an actual human.
British Airways is experiencing yet another IT system failure this morning, following a similar outage it suffered last month. The failure seems to be causing delays, confusion and frustration among the many travelers eager to get to anticipated destinations. More information can be found here: https://www.bbc.co.uk/news/uk-49261497