Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections

On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can be exploited by an attacker to determine if a user is connected to a VPN and to hijack ...
TrueDialog’s unprotected database exposes millions of SMS messages containing two-factor codes, and more

Last month, two security researchers, Noam Rotem and Ran Locar, found an unprotected database managed by TrueDialog. The database exposed tens of millions of SMS text messages exchanged between businesses and their customers. TrueDialog is a US-based SMS text service provider for enterprise businesses and higher education. Its cloud-based texting ...
An unsecured Elasticsearch server exposed 1.2 billion user records containing their personal and social information

Last month, Vinny Troia, the founder of Data Viper, and Bob Diachenko, an independent cybersecurity consultant, discovered a “wide-open” Elasticsearch server. The server exposed the personal information of about 1.2 billion unique users including their names, email addresses, phone numbers, LinkedIn and Facebook profile information. The Elasticsearch server did not ...
Project Zero shares a detailed analysis of the use-after-free Android Binder vulnerability that affected Pixel, Xiaomi, and others

Yesterday, Maddie Stone, a Security Researcher in the Google Project Zero team, shared a detailed analysis of the use-after-free Android Binder vulnerability. The vulnerability, tracked under CVE-2019-2215, was being exploited in the wild, affecting most Android devices manufactured before fall last year. Stone’s post goes into detail about how they discovered this ...
The US, UK, and Australian governments call Facebook’s end-to-end encryption plan a hindrance to investigating crimes

Last week, the US, UK, and Australian governments wrote an open letter to Facebook urging it to drop end-to-end encryption from WhatsApp and halt its plans to implement end-to-end encryption across its other messaging platforms. The three governments asked the company to ensure “there is no reduction to user safety” ...
A year-old Webmin backdoor revealed at DEF CON 2019 allowed unauthenticated attackers to execute commands with root privileges on servers

Earlier this month, at DEF CON 2019, a Turkish security researcher, Özkan Mustafa Akkuş, presented a zero-day remote code execution vulnerability in Webmin, a web-based system configuration system for Unix-like systems. Following this disclosure, its developers revealed that the backdoor was found in Webmin 1.890. A similar backdoor was also ...
GitHub now supports two-factor authentication with security keys using the WebAuthn API

Yesterday, GitHub announced that it now supports Web Authentication (WebAuthn) for security keys. In addition to time-based one-time password (TOTP) applications and text messages, you can now also configure two-factor authentication using a security key. Remember when fingerprint authentication seemed like the future? Starting today, secure access to your code ...
Interstellar is developing Slingshot, a new Rust-based blockchain architecture to support zero-knowledge smart contracts, and more

In September 2018, LightYear acquired Chain to form a combined company called Interstellar. The company is working on a new blockchain architecture with a focus on privacy, security, and safety named Slingshot. Chain is now Interstellar! 🎉 We've joined forces with Lightyear to make building on the Stellar network even ...
A JIRA misconfiguration exposed employees and project details of NASA, Google, Yahoo, and many others, alleges Grofers lead infra security engineer

Last week, Avinash Jain, a Lead Infrastructure Security Engineer at Grofers, reported that a misconfiguration in JIRA publicly exposed sensitive information about employees and projects of many big companies. These included organizations like NASA, Google, Yahoo, Zendesk, Lenovo, 1password, Informatica, as well as governing bodies across the world. Earlier this ...
PureScript npm installer’s infected dependencies prevented it from running successfully

Earlier this month, Harry Garrood, a PureScript maintainer, found that PureScript’s npm installer is infected by some malicious code. Though the issue is now addressed, developers are recommended to update the installer as soon as possible. Which dependencies of the PureScript npm installer were infected Garrood got suspicious when some ...