You are here:-Tag:Darkmatters

Google Home, Chromecast Leak Location Information | Threatpost

By | 2018-06-20T00:29:58+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets thanks to two common internet of things issues present in both. A fix from Google is incoming in July. At issue is, like many other IoT devices, they don’t require authentication for connections received on a

macOS QuickLook Feature Leaks Data Despite Encrypted Drive | Threatpost

By | 2018-06-19T21:56:02+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Researchers are cautioning macOS users that not all the data they store on their encrypted hard drive is protected. In a report published Monday, Apple security expert Patrick Wardle revealed that a macOS feature called QuickLook stores unprotected previews of images and other file types. “Apple states that: ‘we believe privacy is a

22K Open, Vulnerable Containers Found Exposed on the Net | Threatpost

By | 2018-06-19T22:57:22+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the

Axis Cameras Riddled With Vulnerabilities Enabling “Full Control” | Threatpost

By | 2018-06-19T10:13:35+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

A slew of vulnerabilities in Axis cameras could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Researchers at VDOO, who disclosed the vulns on Monday, recommended that customers update immediately after finding that more than 400 Axis IP cameras are impacted.

Vulnerability Summary for the Week of June 11, 2018

By | 2018-06-18T11:52:15+00:00 June 18th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , , , , , , , |

389-ds-base -- 389-ds-base 389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.2018-06-13not yet calculatedCVE-2018-10850CONFIRMCONFIRMCONFIRMacccheck -- acccheck acccheck.pl in acccheck 0.2.1 allows Command Injection

Vermont Librarian Wins Small-Claims Suit Against Equifax | Threatpost

By | 2018-06-16T20:25:19+00:00 June 15th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

In a David-and-Goliath moment, a 49-year-old librarian has won damages against credit giant Equifax, in the wake of its head-spinningly massive 2017 data breach. It’s a small but significant victory: a small claims court awarded $600 to Jessamyn West, native of the small town of Randolph in Orange County, Vermont. West told Threatpost

WannaCry Kill Switch Hero Faces New Charges, But Code Evals Say Little | Threatpost

By | 2018-06-16T22:54:55+00:00 June 15th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

A fresh FBI charge against Marcus Hutchins has led to the Kronos banking trojan and the UPAS Kit backdoor being linked in the news over the past week. However, a fresh analysis this week shows that, at least on a code level, the similarities (and differences) between the two are far from conclusive.

New Banking Trojan Can Launch Overlay Attacks on Latest Android Versions | Threatpost

By | 2018-06-16T21:25:01+00:00 June 15th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Researchers have discovered a new Android banking trojan that holds striking similarities to the infamous Lokibot – but packed with new tricky features, most notably its ability to implement an overlay attack on Android 7 and 8. Researchers at ThreatFabric, who discovered the trojan, said MysteryBot was running on the same C&C server

Apple Removes iPhone USB Access Feature, Blocking Out Hackers, Law Enforcement | Threatpost

By | 2018-06-15T20:05:55+00:00 June 14th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

Apple said an upcoming iOS software update will remove the infamous iPhone USB access feature, blocking out both hackers – and law enforcement – from accessing a locked phones’ data via the device port. Apple confirmed that new upcoming default settings will disable the iPhone’s Lightning port, its charging and data port, an hour

U.S. Intelligence Cautions World Cup Travelers on Mobile Use | Threatpost

By | 2018-06-15T10:24:55+00:00 June 14th, 2018|Categories: Vulnerabilities | Alerts | Solutions|Tags: , |

The 2018 FIFA World Cup is kicking off in Russia today, with at least 1 million visitors expected to travel to Moscow alone to take in the world’s biggest sporting event in person. But the event will feature more than just breathtaking goals and soccer superstars: According to researchers and at least one