/ Security News /

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, …

/ Security News /

Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were detailed by a group of …

/ Security News /

Remember the Reverse RDP Attack—wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft’s Remote Desktop Protocol? Though Microsoft had patched the vulnerability (CVE-2019-0887) as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by …

/ Security News /

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, …

/ Security News /

You’ve always been warned not to share remote access to your computer with any untrusted people for many reasons—it’s basic cyber security advice, and common sense, right? But what if I say, you should not even trust anyone who invites or offers you full remote access to their computers? Security researchers at cybersecurity firm Check …

/ Security News /

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely …

/ Security News /

Security researchers have been warning about cybercriminals who have made over 20 million dollars in just past few months by hijacking insecurely configured Ethereum nodes exposed on the Internet. Qihoo 360 Netlab in March tweeted about a group of cybercriminals who were scanning the Internet for port 8545 to find insecure geth clients running Ethereum …

/ Security News /

Do you have remote support software TeamViewer installed on your desktop? If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other’s PC without permission. TeamViewer is a popular remote-support software that lets you securely share …

/ Security News /

If you receive an email that looks like it’s from one of your friends, just beware! It’s possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone …

/ Security News /

Another day, another data breach. This time one of the world’s “big four” accountancy firms has fallen victim to a sophisticated cyber attack. Global tax and auditing firm Deloitte has confirmed the company had suffered a cyber attack that resulted in the theft of confidential information, including the private emails and documents of some of …