News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Microsoft silently patched a bug in its Windows 10 operating system with the October 2018 update (version 1809) that allowed Microsoft Store apps with extensive file system permission to access all files on users’ computers without their consent. With Windows 10, Microsoft introduced a common platform, called Universal Windows Platform (UWP), that allows apps to
0 Comments
Security researchers disclosed two vulnerabilities in Bluetooth chips that put wireless access points, medical devices and more at risk of attack. Researchers at Armis, an enterprise IoT security company based in Palo Alto, Calif., discovered two vulnerabilities in Bluetooth Low Energy (BLE) chips manufactured by Texas Instruments and have branded the flaws as Bleedingbit. Armis
0 Comments
Security researchers have unveiled details of two critical vulnerabilities in Bluetooth Low Energy (BLE) chips embedded in millions of access points and networking devices used by enterprises around the world. Dubbed BleedingBit, the set of two vulnerabilities could allow remote attackers to execute arbitrary code and take full control of vulnerable devices without authentication, including
0 Comments
Apple introduces a new privacy feature for all new MacBooks that “at some extent” will prevent hackers and malicious applications from eavesdropping on your conversations. Apple’s custom T2 security chip in the latest MacBooks includes a new hardware feature that physically disconnects the MacBook’s built-in microphone whenever the user closes the lid, the company revealed
0 Comments
Many people think of two-factor authentication as a panacea for protecting users. While 2FA does drastically improve user protections, there are still risks. Attackers recognize that every security control implemented in an enterprise comes with its own risks that need to be managed. Therefore, they have learned to attack security controls in order to compromise
0 Comments
Introduction Windows 10 is the most used OS for desktops in the world, so it’s a big target for hackers. IT professionals should get to know all the Windows 10 security tools they have at their disposal so they can protect users’ desktops. Options include native Windows 10 security tools and utilities such as Microsoft
0 Comments
A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a Github page hosting a proof-of-concept (PoC) exploit for the vulnerability that appears to be a privilege escalation flaw
0 Comments
As concern over medical device cybersecurity grows, the U.S. Food and Drug Administration has taken additional steps to help hospitals get in front of the issue, an action commended by one medical device company CEO. The FDA recently announced efforts to strengthen the agency’s medical device cybersecurity program to help device manufacturers identify security vulnerabilities
0 Comments
Siemens AG Siclock central plant clocks were recently found to be affected by several vulnerabilities, some of which have been rated critical. What are these Siemens Siclock flaws and how can they be exploited? German manufacturer and tech giant Siemens recently disclosed six vulnerabilities — three classified as critical — that were found in its
0 Comments
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6
0 Comments
The Facebook hack may be the work of spammers, not a nation-state affiliated group, according to a report. The Wall Street Journal reported earlier this week that, according to anonymous sources familiar with Facebook Inc.’s internal investigation, the hack of 30 million users was the work of spammers, not a nation-state as previously assumed. Facebook
0 Comments
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems
0 Comments
Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library—which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application
0 Comments
A libSSH vulnerability that went undisclosed for nearly five years can give malicious actors an easy access to administrative control over devices through SSH server processes. Peter Winter-Smith, security consultant at NCC Group, discovered the authentication bypass flaw (CVE-2018-10933) in libSSH — a library used to implement the SSH protocol in both client and server
0 Comments
A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison. According to a press release published Monday by U.S. Attorney’s Office, Colton Grubbs, who used online moniker ‘KFC Watermelon,’ was pleaded guilty for three counts–unlawfully
0 Comments
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users’ accounts. The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses,
0 Comments
A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with