News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying vulnerabilities,
Exclusive — A security researcher has identified an unsecured server that was leaking detailed personal information of nearly half a million Indian citizens… thanks to another MongoDB database instance that a company left unprotected on the Internet, accessible to anyone without a password. In a report shared with The Hacker News, Bob Diachenko disclosed that two days ago
A vulnerable ConnectWise plugin led to several managed service providers being infected with GandCrab ransomware, but a new decryptor tool has provided relief for at least one of the victims. The vulnerable ConnectWise plugin was designed to sync data between the ConnectWise professional service automation software and the Kaseya VSA remote monitoring and management software.
Beware Windows users… a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software
A researcher recently discovered an info-stealer — dubbed Vidar — that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated? Malware infections haven’t changed much over time, even taking into
Microsoft recently announced that GitHub will now offer unlimited private code repositories for free. Will more private repositories help improve security for enterprises and limit things like accidental credential exposures on GitHub? Nothing on the internet, or really anywhere in life, is free. There’s always a cost somewhere or some sort of limitation. Some supposedly
It’s 2019, and just clicking on a specially crafted URL would have allowed an attacker to hack your Facebook account without any further interaction. A security researcher discovered a critical cross-site request forgery (CSRF) vulnerability in the most popular social media platform that could have allowed attackers to hijack Facebook accounts by simply tricking
The United States Department of Justice has announced espionage charges against a former US Air Force intelligence officer with the highest level of top-secret clearance for providing the Iranian government classified defense information after she defected to Iran in 2013. Monica Elfriede Witt, 39, was a former U.S. Air Force Intelligence Specialist and Special Agent
Despite the increasing concern regarding online privacy and the growing number of security breaches, poor password practices continue to prevail in the enterprise. According to a new survey from the Ponemon Institute, 69% of respondents admitted to sharing passwords with their colleagues to access accounts and 51% said they reuse an average of five passwords
Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed “Dirty_Sock” and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical,
MongoDB security settings have received significant upgrades recently, yet some users are still accidentally exposing their databases to the public internet. Starting in 2017, MongoDB added several security features for its database products that are enabled by default. But that hasn’t stopped some organizations from running older or free versions of the software that are
A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems and could potentially allow attackers to escape the container and obtain unauthorized, root-level access to the host operating system. The vulnerability was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly disclosed
The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC). Yes, infinite… like a never-ending source of money. Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to
Using an Android device? Beware! You have to be more cautious while opening an image file on your smartphone—downloaded anywhere from the Internet or received through messaging or email apps. Yes, just viewing an innocuous-looking image could hack your Android smartphone—thanks to three newly-discovered critical vulnerabilities that affect millions of devices running recent versions of
A security researcher reported a supply chain attack that involved an official software repository for the Python programming language. How did this supply chain attack work? There isn’t a sysadmin or programmer around who hasn’t cursed a software installer or its associated instructions that overlook something that results in a failed install. The frustration of
QuadrigaCX, the largest bitcoin exchange in Canada, has claimed to have lost CAD 190 million (nearly USD 145 million) worth of cryptocurrency after the exchange lost access to its cold (offline) storage wallets. Reason? Unfortunately, the only person with access to the company’s offline wallet, founder of the cryptocurrency exchange, is dead. Following the sudden