News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Facebook’s latest screw-up — a programming bug in Facebook website accidentally gave 1,500 third-party apps access to the unposted Facebook photos of as many as 6.8 million users. Facebook today quietly announced that it discovered a new API bug in its photo-sharing system that let 876 developers access users’ private photos which they never shared
0 Comments
The Logitech Options app, which configures the company’s mice and keyboards in Windows, relies on an ineffective authentication mechanism that enables malicious webpages to execute code on a victim’s machine. Tavis Ormandy, vulnerability researcher with Google’s Project Zero, found the flaw in the Logitech Options app when he tried to rebind a button on his
0 Comments
Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers. The phpMyAdmin project Sunday gave an early heads-up about the latest security
0 Comments
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an
0 Comments
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles
0 Comments
The troubles for Facebook continued this week with a trove of internal emails as part of an investigation in the U.K. Parliament revealing questionable data practices, including Facebook’s Android app permissions being designed to gather data without users knowing. Despite a U.S. federal judge ruling that the emails should be sealed, Damian Collins, chairman of
0 Comments
Australia’s House of Representatives has finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The Australian government argues the new legislation is important for national
0 Comments
Stratecast/Frost & Sullivan Information security, network security, cybersecurity: The industry is flooded with terms to describe how enterprises secure their network data. While the experience of wading through a mishmash of terminology to describe a specific operation or function is not limited to the networking industry, the use of various terms complicates the process of
0 Comments
Looking for an automated malware analysis software? Something like a 1-click solution that doesn’t require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at Black Hat conference launch a revolutionary machine learning and artificial
0 Comments
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations
0 Comments
Researchers found new vulnerabilities in Intel products that are similar to the Spectre vulnerabilities. How are the L1TF vulnerabilities similar to Spectre and how are they different? A third critical security vulnerability in Intel processors was discovered in 2018. This time the vulnerability was discovered by two research groups working independently: the imec-DistriNet Research Group
0 Comments
Mitre has entered the security product testing and evaluation fray, and the organization is using its Mitre ATT&CK framework to judge vendors. Seven vendors of endpoint detection and response (EDR) products submitted their endpoint security products to Mitre for evaluation testing. The objective of the evaluation was to demonstrate how the endpoint detection and response
0 Comments
This may sound crazy, but it’s true! The war for “most-subscribed Youtube channel” crown between T-Series and PewDiePie just took an interesting turn after a hacker yesterday hijacked more than 50,000 internet-connected printers worldwide to print out flyers asking everyone to subscribe to PewDiePie YouTube channel. PewDiePie, whose real name is Felix Kjellberg, is a
0 Comments
The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts,
0 Comments
Multinational computer technology company Dell disclosed Wednesday that its online electronics marketplace experienced a “cybersecurity incident” earlier this month when an unknown group of hackers infiltrated its internal network. On November 9, Dell detected and disrupted unauthorized activity on its network attempting to steal customer information, including their names, email addresses and hashed passwords. According
0 Comments
The Department of Justice Tuesday announced the indictments of eight people accused of running massive ad fraud schemes that were disrupted by an FBI-led botnet takedown. The 13-count indictment, which was unsealed in a federal court in Brooklyn, charged six Russian nationals and two Kazakhstan citizens with crimes including wire fraud, computer intrusion, aggravated identity
0 Comments
The Department of Justice announced Wednesday charges against two Iranian nationals for their involvement in creating and deploying the notorious SamSam ransomware. The alleged hackers, Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah, 27, have been charged on several counts of computer hacking and fraud charges, the indictment unsealed today at New Jersey court revealed.
0 Comments
Building on work that had sought to create fake partial fingerprints for fooling biometric scanners, researchers have used machine learning and artificial intelligence to construct full images of fake fingerprints. Philip Bontrager, Aditi Roy, Julian Togelius and Nasir Memon, researchers at New York University Tandon, and Arun Ross, researcher at Michigan State University, developed DeepMasterPrints,
0 Comments
Researchers at Qihoo 360 Netlab discovered hackers using vulnerable MikroTik routers to hijack TaZmen Sniffer Protocol traffic and send it to domains under their control. What is TZSP traffic and how are attackers gaining control of routers with this MikroTik router hack? The TaZmen Sniffer Protocol (TZSP) is an open protocol designed to encapsulate other
0 Comments
Positive Technologies researchers found two serious vulnerabilities that affect ATMs made by NCR. Researchers were able to launch black box attacks that forced the machines to dispense cash without authorization. What are these ATM vulnerabilities, and how does a black box attack work? Researchers from Positive Technologies What are these ATM vulnerabilities— Vladimir Kononovich and
0 Comments
Earlier this week Dropbox team unveiled details of three critical vulnerabilities in Apple macOS operating system, which altogether could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim into visiting a malicious web page. The reported vulnerabilities were originally discovered by Syndis, a cybersecurity firm hired