Étiquette : vulnerability (page 1 of 25)

“We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. This abuse technique is possible not because of a vulnerability in Facebook app or browser itself. Malware could steal cookie files of any website from other apps in the same way and achieve similar results.”

Source : Cookiethief: a cookie-stealing Trojan for Android | Securelist

a woman retrieving info from file catalouge

“For well over a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.”

Source : 1.2 Billion Records Found Exposed Online in a Single Server  | WIRED

http://www.beaude.net/no-flux/wp-content/uploads/2020/03/1582126936038-credit-card.jpeg

“Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked.”

Source : Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans – VICE

“Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads.”

Source : Sensor Tower Secretly Owns Ad Blocker And VPN Apps That Collect User Data

HackerOne rewards bughunter who found critical security hole in... HackerOne

“Vulnerability-reporting platform HackerOne has come clean about a critical security flaw on its own website that could be used to expose the email addresses of users. A researcher going by the name of “msdian7” revealed how an attacker could exploit the site’s project invite feature to uncover the email addresses of other users”

Source : HackerOne rewards bughunter who found critical security hole in… HackerOne

“Les Nations Unies disposent d’un statut diplomatique particulier qui leur offre « l’immunité contre toute forme de procédure légale ». Ils ne sont donc pas obligés de divulguer leurs failles de sécurité ni d’informer les potentielles victimes. Ces obligations, légales pour la majorité des entreprises et des institutions depuis le RGPD, ne sont donc que des considérations éthiques pour l’ONU. Résultat, le porte-parole de l’ONU confirme que seules les équipes informatiques internes des deux bureaux concernés ont été informées de la faille.”

Source : L’ONU a gardé sous silence l’une des plus grandes cyberattaques de son histoire – Cyberguerre

“Cette atteinte à la vie privée d’un personnage politique va nécessairement nourrir les différents textes en cours de discussion au Parlement. La proposition de loi Avia veut obliger les plateformes à retirer en moins de 24 heures les contenus pornographiques lorsqu’ils sont susceptibles d’être vu par un mineur. La proposition de loi contre les violences conjugales entend-elle rendre applicable cette même infraction même si les contenus sont précédés d’un disclaimer « interdit aux moins de 18 ans ».”

Source : Le revenge porn visant Benjamin Griveaux déjà dédoublé sur Internet Archive

“The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.”

Source : How the CIA used Crypto AG encryption devices to spy on countries for decades – Washington Post

Hackers examining a voting machine at the DefCon cybersecurity conference in Las Vegas in 2017.

“The programmer who revealed the breach, explained that visitors to the Elector app’s website could right-click to “view source,” an action that reveals the code behind a web page. That page of code included the user names and passwords of site administrators with access to the voter registry, and using those credentials would allow anyone to view and download the information. Mr. Bar-Zik, a software developer for Verizon Media who wrote the Sunday article in Haaretz, said he chose the name and password of the Likud party administrator and logged in. “Jackpot!” he said in an interview on Monday. “Everything was in front of me!””

Source : Israeli Voters: Data of All 6.5 Million Voters Leaked – The New York Times

Image

“Google this evening began alerting Takeout users about the “technical issue.” From November 21-25, 2019, those that requested backups could have had videos in Google Photos “incorrectly exported to unrelated users’ archives.” In requesting a backup, some of your videos — but not pictures — might be visible to random users that were also downloading their data through Google Takeout.”

Source : Google Photos video backups sent to strangers last year – 9to5Google

« Older posts

© 2020 no-Flux

Theme by Anders NorenUp ↑