Étiquette : vulnerability (Page 17 of 41)

4 avril 2020 / noflux

“Facebook representatives approached controversial surveillance vendor NSO Group to try and buy a tool that could help Facebook better monitor a subset of its users, according to an extraordinary court filing from NSO in an ongoing lawsuit. Facebook is currently suing NSO for how the hacking firm leveraged a vulnerability in WhatsApp to help governments hack users. NSO sells a product called Pegasus, which allows operators to remotely infect cell phones and lift data from them.”

Source : Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims – VICE

1 avril 2020 / noflux

zoom-security-flaws

“Now that a large portion of the world is working from home to ride out the coronavirus pandemic, Zoom’s popularity has rocketed, but also has led to an increased focus on the company’s security practices and privacy promises. Hot on the heels of two security researchers finding a Zoom bug that can be abused to steal Windows passwords, another security researcher found two new bugs that can be used to take over a Zoom user’s Mac, including tapping into the webcam and microphone.”

Source : Ex-NSA hacker drops new zero-day doom for Zoom | TechCrunch

18 mars 2020 / noflux

“We recently discovered a new strain of Android malware. The Trojan (detected as: Trojan-Spy.AndroidOS.Cookiethief) turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server. This abuse technique is possible not because of a vulnerability in Facebook app or browser itself. Malware could steal cookie files of any website from other apps in the same way and achieve similar results.”

Source : Cookiethief: a cookie-stealing Trojan for Android | Securelist

11 mars 2020 / noflux

“For well over a decade, identity thieves, phishers, and other online scammers have created a black market of stolen and aggregated consumer data that they used to break into people’s accounts, steal their money, or impersonate them. In October, dark web researcher Vinny Troia found one such trove sitting exposed and easily accessible on an unsecured server, comprising 4 terabytes of personal information—about 1.2 billion records in all.”

Source : 1.2 Billion Records Found Exposed Online in a Single Server | WIRED

11 mars 2020 / noflux

“Yodlee, the largest financial data broker in the U.S., sells data pulled from the bank and credit card transactions of tens of millions of Americans to investment and research firms, detailing where and when people shopped and how much they spent. The company claims that the data is anonymous, but a confidential Yodlee document obtained by Motherboard indicates individual users could be unmasked.”

Source : Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans – VICE

10 mars 2020 / noflux

“Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads.”

Source : Sensor Tower Secretly Owns Ad Blocker And VPN Apps That Collect User Data

3 mars 2020 / noflux

HackerOne rewards bughunter who found critical security hole in... HackerOne

“Vulnerability-reporting platform HackerOne has come clean about a critical security flaw on its own website that could be used to expose the email addresses of users. A researcher going by the name of “msdian7” revealed how an attacker could exploit the site’s project invite feature to uncover the email addresses of other users”

Source : HackerOne rewards bughunter who found critical security hole in… HackerOne

20 février 2020 / noflux

“Les Nations Unies disposent d’un statut diplomatique particulier qui leur offre « l’immunité contre toute forme de procédure légale ». Ils ne sont donc pas obligés de divulguer leurs failles de sécurité ni d’informer les potentielles victimes. Ces obligations, légales pour la majorité des entreprises et des institutions depuis le RGPD, ne sont donc que des considérations éthiques pour l’ONU. Résultat, le porte-parole de l’ONU confirme que seules les équipes informatiques internes des deux bureaux concernés ont été informées de la faille.”

Source : L’ONU a gardé sous silence l’une des plus grandes cyberattaques de son histoire – Cyberguerre

14 février 2020 / noflux

“Cette atteinte à la vie privée d’un personnage politique va nécessairement nourrir les différents textes en cours de discussion au Parlement. La proposition de loi Avia veut obliger les plateformes à retirer en moins de 24 heures les contenus pornographiques lorsqu’ils sont susceptibles d’être vu par un mineur. La proposition de loi contre les violences conjugales entend-elle rendre applicable cette même infraction même si les contenus sont précédés d’un disclaimer « interdit aux moins de 18 ans ».”

Source : Le revenge porn visant Benjamin Griveaux déjà dédoublé sur Internet Archive

12 février 2020 / noflux

“The Swiss firm made millions of dollars selling equipment to more than 120 countries well into the 21st century. Its clients included Iran, military juntas in Latin America, nuclear rivals India and Pakistan, and even the Vatican.But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.”

Source : How the CIA used Crypto AG encryption devices to spy on countries for decades – Washington Post

Étiquette : vulnerability (Page 17 of 41)

Archives

Catégories

Méta