Mozilla announced on Monday that its Root Store Policy for Certificate Authorities (CAs) has been updated to version 2.6. The Root Store Policy governs CAs trusted by Firefox, Thunderbird and other Mozilla-related software. The latest version of the policy, discussed by the Mozilla community over a period of several months, went into effect on July …
A recently addressed privacy bug on Nametests.com resulted in the data of over 120 million users who took personality quizzes on Facebook to be publicly exposed. Patched as part of Facebook’s Data Abuse Bounty Program, the vulnerability resided in Nametests.com serving users’ data to any third-party that requested it, something that shouldn’t normally happen. Facebook …
Crestron recently addressed a command injection vulnerability in the console service preinstalled on the Digital Graphics Engine 100 (DGE-100) and other hardware controllers made by the company. Tracked as CVE-2018-5553, the vulnerability has a base CVSSv3 score of 9.8 and is considered Critical severity. Discovered by Rapid7, the security bug is the result of lack …
A recently discovered piece of crypto-currency miner malware isn’t only abusing a National Security Agency-linked remote code execution exploit to spread, but also abuses infected machines to scan for vulnerable Internet of Things (IoT) devices. Dubbed PyRoMineIoT, the malware is similar to the PyRoMine crypto-currency miner that was detailed in late April. Both mine for …
Okta Rex (Research and Exploitation) researcher Josh Pitts has discovered a method of exploiting the code signing mechanism in MacOS. If exploited, the flaw could allow malicious untrusted code to masquerade as legitimate trusted code and bypass checks by other security software. Code signing attacks are not new. However, writes Pitts in public disclosure published …
Monitoring cyberthreats over time reveals interesting insights into the strategies used by cybercriminals and the evolution of the attack vectors they target. While the threat landscape continues to be quite diversified, trends do seem to run in predictable cycles. For example, over the last year or so ransomware has risen to become one of the …
Two major Canadian banks informed customers on Monday that they launched an investigation after hackers claimed to have obtained personal and account information as a result of a data breach. The targeted organizations are the Bank of Montreal (BMO) and Simplii Financial, the direct banking brand of the Canadian Imperial Bank of Commerce (CIBC). Both …
The European Union’s new data protection laws came into effect on Friday, with Brussels saying the changes will protect consumers from being like “people naked in an aquarium”. The EU’s so-called General Data Protection Regulation (GDPR) has been blamed for a flood of spam emails and messages in recent weeks as firms rush to request …
Just a few days after they were disclosed, malicious actors started targeting a couple of flaws affecting routers made by South Korea-based Dasan Networks. There are roughly one million potentially vulnerable devices accessible directly from the Internet. vpnMentor on Monday disclosed the details of two vulnerabilities in Gigabit-capable Passive Optical Network (GPON) routers made by …
A researcher has discovered that a mitigation implemented by Microsoft in Windows 10 for the Meltdown vulnerability can be bypassed. The tech giant says it’s working on an update. According to Windows internals expert Alex Ionescu, a Meltdown mitigation in Windows 10 has what he describes as “a fatal flaw.” “Calling NtCallEnclave returned back to …