Google Chrome Bug Could Let Hackers Bypass CSP Protection; Update Web Browsers

If you haven’t recently updated your Chrome, Opera, or Edge web browser to the latest available version, it would be an excellent idea to do so as quickly as possible. Cybersecurity researchers on Monday disclosed details about a zero-day flaw in Chromium-based web browsers for Windows, Mac and Android that could have allowed attackers to entirely bypass Content Security Policy (CSP) rules

Source: Hackernews

A New vBulletin 0-Day RCE Vulnerability and Exploit Disclosed Publicly

A security researcher earlier today publicly revealed details and proof-of-concept exploit code for an unpatched, critical zero-day remote code execution vulnerability affecting the widely used internet forum software vBulletin that’s already under active exploitation in the wild. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server that

Source: Hackernews

TeamViewer Flaw Could Let Hackers Steal System Password Remotely

If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows. The TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE-2020-13699), which, if exploited, could let remote attackers steal your system password and eventually compromise it. What’s

Source: Hackernews

Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application. According to cybersecurity researcher Mazin Ahmed, who presented his findings at DEF CON

Source: Hackernews

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. “The idea is simple and consists of using characters that look the same in order to dupe users,” Malwarebytes

Source: Hackernews

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp $80 million over last year’s data breach that exposed the personal information of more than 100 million American credit card applicants. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that

Source: Hackernews

How COVID-19 Has Changed Business Cybersecurity Priorities Forever

For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infrastructure. That infrastructure was called into service with little to no warning and even less opportunity for testing. Needless to say, the

Source: Hackernews

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to ‘prefetching effect,’ resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and

Source: Hackernews