Cybersecurity News
Researchers find a new Linux vulnerability that allows attackers to sniff or hijack VPN connections
On Wednesday, security researchers from the University of New Mexico disclosed a vulnerability impacting most Linux distributions and Unix-like operating systems including FreeBSD, OpenBSD, macOS, iOS, and Android. This Linux vulnerability can ...
Fake Python libraries removed from PyPi when caught stealing SSH and GPG keys, reports ZDNet
Yesterday, ZDNet reported that the Python security team removed two fake Python libraries from PyPI (Python Package Index). These libraries were caught stealing SSH and GPG keys from the Python projects. As ...
TrueDialog’s unprotected database exposes millions of SMS messages containing two-factor codes, and more
Last month, two security researchers, Noam Rotem and Ran Locar found an unprotected database managed by TrueDialog. The database exposed tens of millions of SMS text messages exchanged between businesses and their ...
An unsecured Elasticsearch server exposed 1.2 billion user records containing their personal and social information
Last month, Vinny Troia, the founder of Data Viper and Bob Diachenko, an independent cybersecurity consultant discovered a “wide-open” Elasticsearch server. The server exposed the personal information of about 1.2 billion unique ...
Project Zero shares a detailed analysis of the use-after-free Android Binder vulnerability that affected Pixel, Xioami, and others
Yesterday, Maddie Stone, a Security Researcher in the Google Project Zero team shared a detailed analysis of the use-after-free Android Binder vulnerability. The vulnerability, tracked under CVE-2019-2215 was being exploited in-the-wild affecting ...
Introducing SaltStack Protect, a new SecOps solution for automated discovery and remediation of security vulnerabilities
On Tuesday, SaltStack, the creators of intelligent automation for IT operations and security teams, announced the general availability of SaltStack Protect. SaltStack Protect is for automated discovery and remediation of security vulnerabilities ...
The state of the Cybersecurity skills gap heading into 2020
Just this year, several high-profile cyber breaches exposed confidential information and resulted in millions of dollars in damages. Cybersecurity is more important than ever — a big problem for employers facing millions ...
Yubico reveals Biometric YubiKey at Microsoft Ignite
On Tuesday, at the ongoing Microsoft Ignite, Yubico, the leading provider of authentication and encryption hardware, announced the long-awaited YubiKey Bio. YubiKey Bio is the first YubiKey to support fingerprint recognition for ...
Researchers reveal Light Commands: laser-based audio injection attacks on voice-control devices like Alexa, Siri and Google Assistant
Researchers from the University of Electro-Communications in Tokyo and the University of Michigan released a paper on Monday, that gives alarming cues about the security of voice-control devices. In the research paper ...
Google releases patches for two high-level security vulnerabilities in Chrome, one of which is still being exploited in the wild
Last week, Google notified its users that the ‘stable channel’ desktop Chrome browser is being updated to version 78.0.3904.87 for Windows, Mac, and Linux and will be rolled out in the coming ...
