Hacking McDonald’s for Free Food

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a ...

What Does the New CVSS 3.1 Scoring Model Mean for Enterprise Security?

With thousands of security vulnerabilities reported each month in products ranging from hardware devices to firmware to popular software apps, how does one prioritise what needs the most attention? From a business ...

Voatz Internet Voting App Is Insecure

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal ...

Nexus Intelligence Insights CVE-2020-2100: Jenkins – UDP Amplification Reflection Attack Leading to Distributed Denial of Service (DDoS)

In the wake of the serious Jenkins vulnerability impacting at least 12,000 Jenkins servers, we dedicate February’s Nexus Intelligence Insights to helping you solve it. This vulnerability is clever; it opens up ...

February 2020 Patch Tuesday – 99 Vulns, 12 Critical, Patch for IE 0-Day, Exchange Vuln, Adobe Vulns

This month’s Microsoft Patch Tuesday addresses 99 vulnerabilities with 12 of them labeled as Critical. Of the 12 Critical vulns, 7 are for browser and scripting engines, 2 are for Remote Desktop ...

The “Big Hack” That Actually Happened – Chinese Military Implicated in Equifax Breach

In October 2018, Bloomberg published an article titled “The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies,” that sent shockwaves around the world. The implication - Chinese spies ...

Apple’s Tracking-Prevention Feature in Safari has a Privacy Bug

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow ...

Preventing Tax Identity Theft, FTC and Robocallers, Google Photos Incident

In episode 107 for February 10th 2020: preventing tax identity theft and other tax scams, the FTC taking a stand against companies that support robocallers, and details on the incident where videos ...
Imperva

Imperva Report: Third of Vulnerabilities Lack Fix

An analysis of the vulnerabilities that were disclosed in 2019 conducted by Imperva, a provider of firewall management software, finds there was a 17.6% increase compared to 2018, with 22% of those ...
Security Boulevard

3 Desktop as a Service (DaaS) Security Risks

Desktop-as-a-Service (DaaS) has recently gained momentum with Microsoft making Windows Virtual Desktop (WVD) generally available and increasing its investment in this service. WVD basically lets companies host low-cost Windows desktops in the ...