Changes

From Security Weekly Wiki
317 bytes added, 19:17, 5 December 2019
#[https://threatpost.com/hackerone-breach-20000-bounty-reward/150846/ HackerOne Breach Leads to $20,000 Bounty Reward]
#[https://www.zdnet.com/article/openbsd-patches-severe-authentication-bypass-privilege-escalation-vulnerabilities/ OpenBSD patches authentication bypass, privilege escalation vulnerabilities | ZDNet]
#[https://arstechnica.com/information-technology/2019/12/hackerone-breach-lets-outside-hacker-read-customers-private-bug-reports/ HackerOne breach lets outside hacker read customers private bug reports] - Oops: '', the HackerOne analyst sent the community member parts of a cURL command that mistakenly included a valid session cookie that gave anyone with possession of it the ability to read and partially modify data the analyst had access to.'' One must be careful when sharing information with a bunch of hackers.
#[https://www.wired.com/story/microsoft-outlook-home-page-hack/ Hackers Find Ways Around a Years-Old Microsoft Outlook Fix]
#[https://www.zdnet.com/article/two-malicious-python-libraries-removed-from-pypi/ Two malicious Python libraries caught stealing SSH and GPG keys | ZDNet]
#[https://hotforsecurity.bitdefender.com/blog/mystery-server-found-to-host-private-data-in-the-open-for-1-2-billion-people-21827.html Mystery Server Found to Host Private Data in the Open for 1.2...]
#[https://businessinsights.bitdefender.com/palo-alto-networks-employee-data-breach-highlights-risks-posed-by-third-party-vendors Palo Alto Networks Employee Data Breach Highlights Risks Posed by Third Party Vendors] - 3rd party risk management companies are loving this: ''After all, it wasn't their company which leaked the data and placed it on the internet. Instead, it was an external company, contracted to provide a service to Palo Alto Networks, which was careless with the sensitive information.''
#[https://www.helpnetsecurity.com/2019/12/02/hacking-robotic-vehicles/ Hacking robotic vehicles is easier than you might think - Help Net Security]
#[https://www.inc.com/jason-aten/if-you-bought-a-smart-tv-on-black-friday-fbi-has-a-warning-for-you.html If You Bought a Smart TV on Black Friday, the FBI Has a Warning for You] - Huh? Backdoor through my router? ''"Beyond the risk that your TV manufacturer and app developers may be listening and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router."'' - An attacker still needs a way to get software on the TV to spy on you: maybe it's a backdoor in an app that is installed on the TV, perhaps a backdoor in the firmware, maybe intercepting domains the TVs use to call out to apply updates or get other data. Suggesting that we put tape over the cameras is just silly. How about we address the actual security vulnerabilities, rather than send people into a panic and have them do things that don't really fix the problem?