Yahoo , Adult Friend Finder , LinkedIn , Tumblr and Daily Motion all have something in common : in 2016 , details of massive hacks perpetrated against the companies were disclosed . The firms represent a handful of the companies and public bodies around the world that suffered at the hands of hackers last year . Data compromised Attack.Databreach usually included names , emails , and physical addresses , and even personal bank details , ethnicity data , and phone numbers . And the hacks aren ’ t stopping anytime soon . 2017 has already been dominated by numerous data breaches Attack.Databreach and the most recent affects the Association of British Travel Agents , commonly known as ABTA . To keep you in the loop on data breaches Attack.Databreach this year , WIRED will keep a running tally of successful hacks . The abta.com web server for the Association of British Travel Agents ( ABTA ) was recently hacked Attack.Databreach by “ an external infiltrator ” who exposed Attack.Databreach the details of 43,000 individuals . Around 1,000 of these included files that could include personal identity information of customers of ABTA members uploaded since 11 January 2017 , while around 650 may also include personal identity information of ABTA members . As the UK ’ s largest travel association , ABTA ’ s members include travel agents and tour operators . The unauthorised access Attack.Databreach was said to be possible due to a system vulnerability “ that the infiltrator exploited ” to access Attack.Databreach some data provided by some customers of ABTA Members and by ABTA Members themselves . On immediate investigation , ABTA said Vulnerability-related.DiscoverVulnerability it identified Vulnerability-related.DiscoverVulnerability that although ABTA ’ s own IT systems remained secure , there was a vulnerability to the web server managed for ABTA through a third-party web developer and hosting company . “ This , unfortunately , means some documentation uploaded to the website , as well as some information provided by customers , may have been accessed Attack.Databreach , ” ABTA ’ s CEO , Mark Tanzer said . As a precautionary measure , it has taken steps to warn its members and customers of ABTA members who have the potential to be affected . The group has also alerted the relevant authorities , including the Information Commissioner ( ICO ) and the police .

The Bitcoin Core developers recently fixed Vulnerability-related.PatchVulnerability a major vulnerability in the Bitcoin ( BTC ) network ’ s ( client ) codebase . Explaining the potentially serious nature of the software bug , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-17144 and classified as a denial-of-service ( DoS ) attack , Casaba Security co-founder Jason Glassberg said Vulnerability-related.DiscoverVulnerability : “ [ It ] can take down the network. ” Glassberg also told Vulnerability-related.DiscoverVulnerability ZDNet the vulnerability in the Bitcoin Core codebase “ would [ have ] affected transactions in the sense that they can not be completed , but does not appear to open up a way to steal or manipulate wallets. ” Denial-of-Service ( DoS ) , 51 % Attacks The Bitcoin Core client software is used by BTC miners to validate transactions on the cryptocurrency ’ s blockchain and the recent vulnerability found Vulnerability-related.DiscoverVulnerability in its source code could have been used to intentionally crash bitcoin ’ s full-node operators . Although not logistically feasible , this particular software bug could have been remotely exploited Vulnerability-related.DiscoverVulnerability by an attacker to launch a 51 % attack in which one entity controls the majority of the hashing ( or computing ) power of a cryptocurrency network . Advisory Notice , Critical Patch Released Vulnerability-related.PatchVulnerability In most cases , a bad actor has orchestrated a 51 % attack in order to manipulate transactions on a cryptocurrency ’ s blockchain for financial gains . At present , it would cost approximately $ 490,000 to launch such an attack ( for 1 hour ) on the Bitcoin network , according to Crypto51 . However , if the recent Bitcoin Core software bug had not been patched Vulnerability-related.PatchVulnerability , a bad actor could have initiated a 51 % attack on the cryptocurrency ’ s network at a considerably lower cost . The Bitcoin Core developers posted Vulnerability-related.DiscoverVulnerability an advisory notice ( on September 19th ) regarding this DoS vulnerability . Users of Bitcoin Core have been instructed to upgrade Vulnerability-related.PatchVulnerability to version 0.16.3 of the software . Previous versions ( 0.14.0 to 0.16.3 ) of the client contain the DoS vulnerability . Bitcoin Knots , one of at least 96 bitcoin forks to date , was considered vulnerable Vulnerability-related.DiscoverVulnerability as well and its client software was patched Vulnerability-related.PatchVulnerability . `` Copycat '' Cryptos Are At Risk Notably , the CVE-2018-17144 vulnerability could have also affected Vulnerability-related.DiscoverVulnerability the litecoin ( LTC ) network but its client has received Vulnerability-related.PatchVulnerability a patch . Commenting on the serious nature of these software bugs , Cornell computer science professor Emin Gün Sirer said Vulnerability-related.DiscoverVulnerability : “ Copycat currencies are at risk ” - meaning that all bitcoin forks are vulnerable Vulnerability-related.DiscoverVulnerability to the attack . The Turkish-American cryptographer , who identified Vulnerability-related.DiscoverVulnerability critical vulnerabilities in Ethereum ’ s codebase before its network was hit with the DAO attack , was referring to all the currently 69 active bitcoin forks that could still be exploited Vulnerability-related.DiscoverVulnerability with a 51 % attack as their clients might still not have received Vulnerability-related.PatchVulnerability a patch and are not as secure as bitcoin network due to their smaller size . In fact , Crypto51 has estimated it would only cost $ 122 to launch a 51 % attack on the Bitcoin Private ( BTCP ) network . However , this estimate has not been confirmed by another source .

Cisco has plugged Vulnerability-related.PatchVulnerability two severe vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its Digital Network Architecture ( DNA ) Center software . Appliances running Cisco 's DNA Center software before Release 1.1.4 are vulnerable Vulnerability-related.DiscoverVulnerability to an authentication bypass that could allow a remote attacker to `` take complete control '' of its identity management functions . Network admins can use the DNA Center interface to add new devices to the network and manage them based on enterprise policies . DNA Center is part of Cisco 's toolkit for internet-based networking . Lax security restrictions on key DNA management functions mean an attacker could send a valid identity management request to an affected system and then change existing system users or create new users , according to Cisco . The flaw , which is tracked as Vulnerability-related.DiscoverVulnerability CVE-2018-0448 , is rated critical and has a Common Vulnerability Scoring System ( CVSS ) v 3.0 rating of 9.8 out of 10 . It 's fixed Vulnerability-related.PatchVulnerability in release 1.1.4 and later and since there are no workarounds , admins will need to update Vulnerability-related.PatchVulnerability to these releases to fix Vulnerability-related.PatchVulnerability the bug . Cisco also fixed Vulnerability-related.PatchVulnerability another critical DNA Center flaw , CVE-2018-15386 , which could give a remote attacker direct access to core management functions . An attacker could exploit the bug by directly connecting to exposed Attack.Databreach DNA Center services and from there obtain Attack.Databreach or change critical system files . This bug is due to insecure default configurations affecting Vulnerability-related.DiscoverVulnerability DNA Center release 1.1 Again , there are no workarounds for the bug , so admins will need to update Vulnerability-related.PatchVulnerability to release 1.2 and later . Both flaws were found Vulnerability-related.DiscoverVulnerability during internal testing . Cisco is not aware of any exploits in the wild for the flaws . Cisco has also fixed Vulnerability-related.PatchVulnerability a critical flaw affecting Vulnerability-related.DiscoverVulnerability Cisco Prime Infrastructure ( PI ) that could let a remote attacker upload any file they wishwithout requiring authentication . The file could be used to execute commands . On PI , Trivial File Transfer Protocol ( TFTP ) is enabled by default and accessible from the web interface , which an attacker could use toupload a malicious file . Customers should check Cisco 's advisory to determine whether they 're running a fixed release . It also has workarounds for some releases . The flaw was reported Vulnerability-related.DiscoverVulnerability by independent security researcher Pedro Ribeiro through Beyond Security 's SecuriTeam Secure Disclosure program . Beyond Security notes in its detailed report about the PI issue that Ribeiro identified Vulnerability-related.DiscoverVulnerability two flaws but only one was fixed Vulnerability-related.PatchVulnerability in Cisco 's patch . `` The first vulnerability is a file-upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user . '' `` The second vulnerability is a privilege escalation to root by bypassing execution restrictions in a SUID binary . `` From our assessment the provided fix only addresses Vulnerability-related.PatchVulnerability the file uploading part of the exploit , not the file inclusion , the ability to execute arbitrary code through it or the privileges escalation issue that the product has . '' Cisco also released Vulnerability-related.PatchVulnerability patches for 33 more high- and medium-severity flaws affecting Vulnerability-related.DiscoverVulnerability WebEx , SD-WAN products , and its ASA security appliances .

We recently became aware of unauthorised access to the web server supporting abta.com by an external infiltrator exploiting a vulnerability . Specialist technical consultants subsequently confirmed that the web server had been accessed . We are not aware of any information being shared Attack.Databreach beyond the infiltrator . We are actively monitoring the situation , but as a precautionary measure we are taking steps to warn both customers of ABTA Members and ABTA Members who have the potential to be affected . We are today contacting these people and providing them with information and guidance to help keep them safe from identity theft or online fraud . We have also alerted the relevant authorities , including the Information Commissioner and the Police . I would personally like to apologise for the anxiety and concern that this incident may cause to any customer of ABTA or ABTA Member who may be affected . It is extremely disappointing that our web server , managed for ABTA through a third party web developer and hosting company , was compromised , and we are taking every step we can to help those affected . I will personally be working with the team to look at what we can learn from this situation . Outlined below , we have answered further questions , which include some guidance for customers of ABTA and ABTA Members . We recently became aware of unauthorised access to the abta.com web server by an external infiltrator . This was possible due to a system vulnerability that the infiltrator exploited to access Attack.Databreach some data provided by some customers of ABTA Members and by ABTA Members themselves . On immediate investigation , we identified Vulnerability-related.DiscoverVulnerability that although ABTA ’ s own IT systems remained secure , there was a vulnerability to the web server for abta.com , which is managed for ABTA through a third-party web developer and hosting company . As a precautionary measure we have taken steps to warn Members and customers of ABTA Members who have the potential to be affected . We have contacted those people and provided them with information and guidance to help keep them safe from identity theft or online fraud . These steps include two dedicated helplines , for customers of ABTA Members and for ABTA Members , and free access to an identity theft protection service offered by Experian . We have also alerted the relevant authorities , including the Information Commissioner and the Police . The unauthorised access may have affected approximately 43,000 individuals . Around 1,000 of these are files that may include personal identity information of customers of ABTA Members ( in support of their complaint about an ABTA Member ) , uploaded since 11 January 2017 ; around 650 may include personal identity information of ABTA Members . The vast majority of the 43,000 relate to people who have registered on abta.com , with email addresses and encrypted passwords , or have filled in an online form with basic contact details which are types of data at a very low exposure risk to identity theft or online fraud . We have provided specific guidance information , including contact details for a dedicated helpline to assist with any further questions . If you think you have been a victim of fraud , report it to Action Fraud online at www.actionfraud.police.uk or call 0300 123 2040 .

Researchers at Germany-based security firm Cure53 have conducted a 32-day audit of the Network Time Protocol ( NTP ) and the NTPsec project and discovered Vulnerability-related.DiscoverVulnerability more than a dozen vulnerabilities . Experts identified Vulnerability-related.DiscoverVulnerability a total of 16 security-related issues , including 8 weaknesses that only affect Vulnerability-related.DiscoverVulnerability NTP and two that only impact Vulnerability-related.DiscoverVulnerability NTPsec , which is meant to be a secure , hardened and improved implementation of NTP . Cure53 has published separate reports focusing on the NTP and NTPsec problems . The Network Time Foundation addressed Vulnerability-related.PatchVulnerability the flaws earlier this month with the release of ntp-4.2.8p10 . Cure53 has classified Vulnerability-related.DiscoverVulnerability one vulnerability as being critical . CVE-2017-6460 , which only affects Vulnerability-related.DiscoverVulnerability NTP , has been described Vulnerability-related.DiscoverVulnerability as a stack-based buffer overflow that can be triggered by a malicious server when a client requests the restriction list . The flaw can be exploited Vulnerability-related.DiscoverVulnerability to cause a crash and possibly to execute arbitrary code . The security holes rated Vulnerability-related.DiscoverVulnerability by Cure53 as high severity are CVE-2017-6463 and CVE-2017-6464 , both of which can be exploited Vulnerability-related.DiscoverVulnerability for DoS attacks . It ’ s worth noting that while some of the vulnerabilities have been classified Vulnerability-related.DiscoverVulnerability as critical and high severity by Cure53 , NTP developers have only assigned Vulnerability-related.DiscoverVulnerability medium , low and informational-level severity ratings to the discovered flaws . Ntp-4.2.8p10 patches Vulnerability-related.PatchVulnerability a total of 15 vulnerabilities and also includes just as many non-security fixes and improvements . Of the 15 security holes resolved Vulnerability-related.PatchVulnerability in the latest version , 14 were discovered Vulnerability-related.DiscoverVulnerability by Cure53 , which also noticed Vulnerability-related.DiscoverVulnerability that a flaw initially patched Vulnerability-related.PatchVulnerability in December 2014 was reintroduced Vulnerability-related.DiscoverVulnerability in November 2016 . One of the vulnerabilities fixed Vulnerability-related.PatchVulnerability in ntp-4.2.8p10 was reported Vulnerability-related.DiscoverVulnerability by researchers at Cisco Talos . Experts identified Vulnerability-related.DiscoverVulnerability a DoS vulnerability affecting Vulnerability-related.DiscoverVulnerability the origin timestamp check functionality

Researchers at Germany-based security firm Cure53 have conducted a 32-day audit of the Network Time Protocol ( NTP ) and the NTPsec project and discovered Vulnerability-related.DiscoverVulnerability more than a dozen vulnerabilities . Experts identified Vulnerability-related.DiscoverVulnerability a total of 16 security-related issues , including 8 weaknesses that only affect Vulnerability-related.DiscoverVulnerability NTP and two that only impact Vulnerability-related.DiscoverVulnerability NTPsec , which is meant to be a secure , hardened and improved implementation of NTP . Cure53 has published separate reports focusing on the NTP and NTPsec problems . The Network Time Foundation addressed Vulnerability-related.PatchVulnerability the flaws earlier this month with the release of ntp-4.2.8p10 . Cure53 has classified Vulnerability-related.DiscoverVulnerability one vulnerability as being critical . CVE-2017-6460 , which only affects Vulnerability-related.DiscoverVulnerability NTP , has been described Vulnerability-related.DiscoverVulnerability as a stack-based buffer overflow that can be triggered by a malicious server when a client requests the restriction list . The flaw can be exploited Vulnerability-related.DiscoverVulnerability to cause a crash and possibly to execute arbitrary code . The security holes rated Vulnerability-related.DiscoverVulnerability by Cure53 as high severity are CVE-2017-6463 and CVE-2017-6464 , both of which can be exploited Vulnerability-related.DiscoverVulnerability for DoS attacks . It ’ s worth noting that while some of the vulnerabilities have been classified Vulnerability-related.DiscoverVulnerability as critical and high severity by Cure53 , NTP developers have only assigned Vulnerability-related.DiscoverVulnerability medium , low and informational-level severity ratings to the discovered flaws . Ntp-4.2.8p10 patches Vulnerability-related.PatchVulnerability a total of 15 vulnerabilities and also includes just as many non-security fixes and improvements . Of the 15 security holes resolved Vulnerability-related.PatchVulnerability in the latest version , 14 were discovered Vulnerability-related.DiscoverVulnerability by Cure53 , which also noticed Vulnerability-related.DiscoverVulnerability that a flaw initially patched Vulnerability-related.PatchVulnerability in December 2014 was reintroduced Vulnerability-related.DiscoverVulnerability in November 2016 . One of the vulnerabilities fixed Vulnerability-related.PatchVulnerability in ntp-4.2.8p10 was reported Vulnerability-related.DiscoverVulnerability by researchers at Cisco Talos . Experts identified Vulnerability-related.DiscoverVulnerability a DoS vulnerability affecting Vulnerability-related.DiscoverVulnerability the origin timestamp check functionality

Over a quarter of a million devices used with DVRs around the globe are susceptible to a new botnet its discoverers have dubbed Amnesia . Unit 42 researchers at Palo Alto Networks announced on Thursday their detection of a new variant of the IoT/Linux botnet Tsunami , which they are referring to as Amnesia . The Amnesia botnet looks for an unpatched remote code execution vulnerability affecting Vulnerability-related.DiscoverVulnerability DVR ( digital video recorder ) appliances manufactured by China-based TVT Digital and identified Vulnerability-related.DiscoverVulnerability in nearly identical products from more than 70 global vendors . Unit 42 is claiming Vulnerability-related.DiscoverVulnerability that the flaw is impacting Vulnerability-related.DiscoverVulnerability about 227,000 devices all over the planet , with Taiwan , the United States , Israel , Turkey , and India being the most susceptible . Further , the researchers believe this is the first Linux malware to adopt virtual machine evasion techniques to defeat malware analysis sandboxes . Not only that , should the code recognize it has reached into VirtualBox , VMware or a QEMU-based virtual machine , it will wipe the virtualized Linux system by deleting all the files in file system , the post stated . `` This affects not only Linux malware analysis sandboxes but also some QEMU based Linux servers on VPS or on public cloud , '' the researchers said . The power is in how the malware can exploit the remote code execution vulnerability to scan for , locate and attack vulnerable systems . Once connected , the malware enables the remote attackers to gain full control of the affected device . The researchers speculate that bad actors could potentially use the Amnesia botnet to launch wide-scale DDoS attacks on a scale previously seen in the fall 2016 with the Mirai botnet . Apparently , no patches have yet been issued to address Vulnerability-related.PatchVulnerability the flaw , the researchers said . As to why a patch has yet to be issued to fix Vulnerability-related.PatchVulnerability this year-old flaw , Ryan Olson , intelligence director of Unit 42 at Palo Alto Networks , told SC Media on Thursday that it 's up to the manufacturer to create Vulnerability-related.PatchVulnerability a patch . His team has n't found any evidence they have released one . The vulnerable DVRs are typically connected to closed circuit TV ( CCTV ) equipment , which are often installed in offices and stores , Olson said . `` The people operating these should limit access to those devices from the internet so they are not exposed to potential malicious actors . '' This , he added , is typically accomplished using a firewall that stops the traffic before it reaches the vulnerable device . The fact that the actors behind this malware are using VM-detection mechanisms in a Linux malware family indicates that they likely have prior experience creating malware , Olson explained . The good news is that no large-scale attacks have yet been launched using the Amnesia botnet , though judging by the harm from Mirai , the researchers at Palo Alto warned the damage large-scale IoT-based botnets could do is substantial . They recommended users have `` the latest protections '' installed and to block traffic to Amnesia 's command-and-control server ( listed in their post )

Developers are once again being blamed Vulnerability-related.DiscoverVulnerability for cloud back-end security vulnerabilities , this time in a new report Vulnerability-related.DiscoverVulnerability from Appthority . The company published investigation results that found nearly 43 TB of enterprise data was exposed Attack.Databreach on cloud back-ends , including personally identifiable information ( PII ) . This comes just shortly after a similar report from a different security company . In the new `` 2017 Q2 Enterprise Mobile Threat Report '' report ( free upon providing registration info ) , Appthority found `` data leakage Attack.Databreach `` from mobile apps that send data to unsecured cloud back-ends . While security concerns typically focus on a triad of other factors -- apps , device threats and network threats -- this data leakage Attack.Databreach on the back-end was dubbed the `` HospitalGown '' threat because of that garment 's open back-end . `` In total , we found Vulnerability-related.DiscoverVulnerability almost 43 TB of data exposed Attack.Databreach and 1,000 apps affected Vulnerability-related.DiscoverVulnerability by the HospitalGown vulnerability , '' Appthority said Vulnerability-related.DiscoverVulnerability in a blog post last week . `` Looking at a subset of 39 apps , we still found 280 million records exposed Attack.Databreach , a total of about 163 GB of data . This is a staggering amount of leaked information , and in some cases represents the entirety of customer or operational data for an enterprise . '' The report Vulnerability-related.DiscoverVulnerability echoes the findings of an earlier report Vulnerability-related.DiscoverVulnerability by RedLock Inc. , which revealed Vulnerability-related.DiscoverVulnerability many security issues primarily caused by user misconfigurations on public cloud platforms . RedLock claimed it found 82 percent of hosted databases remain unencrypted , among many other problems . As with the RedLock report Vulnerability-related.DiscoverVulnerability , developers were blamed Vulnerability-related.DiscoverVulnerability for the HospitalGown vulnerabilities. `` HospitalGown is a vulnerability to data exposure caused , not by any code in the app , but by the app developers ' failure to properly secure the back-end ( hence its name ) servers with which the app communicates and where sensitive data is stored , '' Appthority said . Unsecured Elasticsearch servers and MongoDB databases were prime targets of a series of ransomware attacks Attack.Ransom earlier this year that generated widespread publicity in the security field . However , that publicity apparently was n't enough to significantly alleviate the issue . `` As our findings show , weakly secured back-ends in apps used by employees , partners and customers create a range of security risks including extensive data leaks Attack.Databreach of personally identifiable information ( PII ) and other sensitive data , '' the report states . `` They also significantly increase the risk of spear phishing Attack.Phishing , brute force login , social engineering , data ransom Attack.Ransom , and other attacks . And , HospitalGown makes data access Attack.Databreach and exfiltration Attack.Databreach far easier than other types of attacks . '' Key findings of the report as listed by the company include : Affected apps are connecting to unsecured data stores on popular enterprise services , such as Elasticsearch and MySQL , which are leaking Attack.Databreach large amounts of sensitive data . Apps using just one of these services revealed almost 43TB of exposed data . Multiple affected apps leaked Attack.Databreach some form of PII , including passwords , location , travel and payment details , corporate profile data ( including employees ' VPN PINs , emails , phone numbers ) , and retail customer data . Enterprise security teams do not have visibility into the risk due to the risk 's location in the mobile app vendor 's architecture stack . In multiple cases , data has already been accessed Attack.Databreach by unauthorized individuals and ransomed Attack.Ransom . Even apps that have been removed from devices and the app stores still pose an exposure Attack.Databreach risk due to the sensitive data that remains stored on unsecured servers . The company said Vulnerability-related.DiscoverVulnerability its Mobile Threat Team identified Vulnerability-related.DiscoverVulnerability the HospitalGown vulnerabilities with a combination of its dynamic app analysis tool and a new back-end scanning method , looking at the network traffic on more than 1 million enterprise mobile apps , both iOS and Android . As with the misconfiguration problems identified Vulnerability-related.DiscoverVulnerability in the RedLock report Vulnerability-related.DiscoverVulnerability , Appthority emphasized Vulnerability-related.DiscoverVulnerability that all cases of HospitalGown vulnerabilities were caused by human errors , not malicious intent or inherent infrastructure problems . That human error was especially prevalent in two app implementations investigated by Appthority : Pulse Workspace ( for accessing enterprise network and Web applications ) and Jacto apps ( from an agricultural machinery company ) .

Developers are once again being blamed Vulnerability-related.DiscoverVulnerability for cloud back-end security vulnerabilities , this time in a new report Vulnerability-related.DiscoverVulnerability from Appthority . The company published investigation results that found nearly 43 TB of enterprise data was exposed Attack.Databreach on cloud back-ends , including personally identifiable information ( PII ) . This comes just shortly after a similar report from a different security company . In the new `` 2017 Q2 Enterprise Mobile Threat Report '' report ( free upon providing registration info ) , Appthority found `` data leakage Attack.Databreach `` from mobile apps that send data to unsecured cloud back-ends . While security concerns typically focus on a triad of other factors -- apps , device threats and network threats -- this data leakage Attack.Databreach on the back-end was dubbed the `` HospitalGown '' threat because of that garment 's open back-end . `` In total , we found Vulnerability-related.DiscoverVulnerability almost 43 TB of data exposed Attack.Databreach and 1,000 apps affected Vulnerability-related.DiscoverVulnerability by the HospitalGown vulnerability , '' Appthority said Vulnerability-related.DiscoverVulnerability in a blog post last week . `` Looking at a subset of 39 apps , we still found 280 million records exposed Attack.Databreach , a total of about 163 GB of data . This is a staggering amount of leaked information , and in some cases represents the entirety of customer or operational data for an enterprise . '' The report Vulnerability-related.DiscoverVulnerability echoes the findings of an earlier report Vulnerability-related.DiscoverVulnerability by RedLock Inc. , which revealed Vulnerability-related.DiscoverVulnerability many security issues primarily caused by user misconfigurations on public cloud platforms . RedLock claimed it found 82 percent of hosted databases remain unencrypted , among many other problems . As with the RedLock report Vulnerability-related.DiscoverVulnerability , developers were blamed Vulnerability-related.DiscoverVulnerability for the HospitalGown vulnerabilities. `` HospitalGown is a vulnerability to data exposure caused , not by any code in the app , but by the app developers ' failure to properly secure the back-end ( hence its name ) servers with which the app communicates and where sensitive data is stored , '' Appthority said . Unsecured Elasticsearch servers and MongoDB databases were prime targets of a series of ransomware attacks Attack.Ransom earlier this year that generated widespread publicity in the security field . However , that publicity apparently was n't enough to significantly alleviate the issue . `` As our findings show , weakly secured back-ends in apps used by employees , partners and customers create a range of security risks including extensive data leaks Attack.Databreach of personally identifiable information ( PII ) and other sensitive data , '' the report states . `` They also significantly increase the risk of spear phishing Attack.Phishing , brute force login , social engineering , data ransom Attack.Ransom , and other attacks . And , HospitalGown makes data access Attack.Databreach and exfiltration Attack.Databreach far easier than other types of attacks . '' Key findings of the report as listed by the company include : Affected apps are connecting to unsecured data stores on popular enterprise services , such as Elasticsearch and MySQL , which are leaking Attack.Databreach large amounts of sensitive data . Apps using just one of these services revealed almost 43TB of exposed data . Multiple affected apps leaked Attack.Databreach some form of PII , including passwords , location , travel and payment details , corporate profile data ( including employees ' VPN PINs , emails , phone numbers ) , and retail customer data . Enterprise security teams do not have visibility into the risk due to the risk 's location in the mobile app vendor 's architecture stack . In multiple cases , data has already been accessed Attack.Databreach by unauthorized individuals and ransomed Attack.Ransom . Even apps that have been removed from devices and the app stores still pose an exposure Attack.Databreach risk due to the sensitive data that remains stored on unsecured servers . The company said Vulnerability-related.DiscoverVulnerability its Mobile Threat Team identified Vulnerability-related.DiscoverVulnerability the HospitalGown vulnerabilities with a combination of its dynamic app analysis tool and a new back-end scanning method , looking at the network traffic on more than 1 million enterprise mobile apps , both iOS and Android . As with the misconfiguration problems identified Vulnerability-related.DiscoverVulnerability in the RedLock report Vulnerability-related.DiscoverVulnerability , Appthority emphasized Vulnerability-related.DiscoverVulnerability that all cases of HospitalGown vulnerabilities were caused by human errors , not malicious intent or inherent infrastructure problems . That human error was especially prevalent in two app implementations investigated by Appthority : Pulse Workspace ( for accessing enterprise network and Web applications ) and Jacto apps ( from an agricultural machinery company ) .

Researchers say Vulnerability-related.DiscoverVulnerability several Motorola handset models are vulnerable Vulnerability-related.DiscoverVulnerability to a critical kernel command line injection flaw that could allow a local malicious application to execute arbitrary code on the devices . The two affected Motorola models are the Moto G4 and Moto G5 . The warnings Vulnerability-related.DiscoverVulnerability come from Aleph Research which said Vulnerability-related.DiscoverVulnerability it found Vulnerability-related.DiscoverVulnerability the vulnerability on up-to-date handsets running the latest Motorola Android bootloader . Motorola said patches to fix Vulnerability-related.PatchVulnerability the vulnerability in both devices are expected this month . “ Exploiting the vulnerability allows the adversary to gain an unrestricted root shell . ( And more ! ) , ” wrote Roee Hay , manager of Aleph Research . He said Vulnerability-related.DiscoverVulnerability vulnerable versions of the Motorola Android bootloader allow for a kernel command-line injection attack . The vulnerability ( CVE-2016-10277 ) is the same one found Vulnerability-related.DiscoverVulnerability by Aleph Research earlier this year and fixed Vulnerability-related.PatchVulnerability by Google in May , impacting Vulnerability-related.DiscoverVulnerability the Nexus 6 Motorola bootloader . “ By exploiting the vulnerability , a physical adversary or one with authorized USB fastboot access to the device could break the secure/verified boot mechanism , allowing him to gain unrestricted root privileges , and completely own the user space by loading a tampered or malicious image , ” wrote Hay . Despite the fact the vulnerability had been patched Vulnerability-related.PatchVulnerability for the Nexus 6 , Hay said the Moto G4 and G5 were still vulnerable Vulnerability-related.DiscoverVulnerability to the same kernel command line injection flaw . “ In the previous blog post , we suggested that CVE-2016-10277 could affect Vulnerability-related.DiscoverVulnerability other Motorola devices . After receiving a few reports on Twitter that this was indeed the case we acquired a couple of Motorola devices , updated to the latest available build we received over-the-air , ” the researcher wrote on Wednesday . Motorola told Threatpost via a statement that , “ A patch will begin rolling out Vulnerability-related.PatchVulnerability for Moto G5 within the next week and will continue until all variants are updated Vulnerability-related.PatchVulnerability . The patch for Moto G4 is planned to start deployment Vulnerability-related.PatchVulnerability at the end of the month and will continue until all variants are updated Vulnerability-related.PatchVulnerability . ” Researchers were able to trigger the vulnerability on the Moto devices by abusing the Motorola bootloader download functionality in order to swap in their own malicious initramfs ( initial RAM file system ) at a known physical address , named SCRATCH_ADDR . “ We can inject a parameter , named initrd , which allows us to force the Linux kernel to populate initramfs into rootfs from a specified physical address , ” the researcher wrote . Next , using malicious initramfs to load into a customized boot process they were able to gain root shell access to the device . Hay ’ s research into the Motorola bootloaders began in January when he identified Vulnerability-related.DiscoverVulnerability a high-severity vulnerability ( CVE-2016-8467 ) impacting Vulnerability-related.DiscoverVulnerability Nexus 6/6P handsets . That separate vulnerability allowed attackers to change the bootmode of the device , giving access to hidden USB interfaces . Google fixed Vulnerability-related.PatchVulnerability the issue by hardening the bootloader and restricting it from loading custom bootmodes . “ Just before Google released Vulnerability-related.PatchVulnerability the patch , we had discovered Vulnerability-related.DiscoverVulnerability a way to bypass it on Nexus 6 , ” Hay said in May of the second CVE-2016-10277 vulnerability . In an interview with Hay by Threatpost he said Vulnerability-related.DiscoverVulnerability , “ Yes , they are both bootloader vulnerabilities . The CVE-2016-10277 can be considered a generalization of CVE-2016-8467 , but with a much stronger impact , ” he said Vulnerability-related.DiscoverVulnerability .

Recently a hacker identified Vulnerability-related.DiscoverVulnerability the existence of two high-risk bugs and revealed Vulnerability-related.DiscoverVulnerability this information on Reddit ’ s forum posts . The hacker , who uses the alias Cipher0007 , managed to steal Attack.Databreach 200,000 private messages . These messages were exchanged between users/buyers and sellers . ZDNet reports that Cipher0007 disclosed Vulnerability-related.DiscoverVulnerability the vulnerabilities earlier this week and revealed on Reddit that these flaws could be used to steal private messages on AlphaBay . The messages weren ’ t protected by PGP keys , which made it easier for Cipher0007 to steal Attack.Databreach them in such large proportion . Must Read : AlphaBay posted Vulnerability-related.DiscoverVulnerability an official statement on Pastebin in which they admitted Vulnerability-related.DiscoverVulnerability the presence of these bugs and also confirmed that Cipher0007 has hacked Attack.Databreach around 218,000 messages . It must be noted that the hacked messages weren ’ t older than 30 days since the site ’ s system automatically purges messages that are more than 30 days old . To prove that he has managed to infiltrate AlphaBay and stole Attack.Databreach private messages , Cipher0007 posted numerous screenshots too . AlphaBay rewarded Cipher0007 for not selling the flaws or exposing Attack.Databreach the stolen data to the public . Cipher0007 then disclosed Vulnerability-related.DiscoverVulnerability the methods he used to exploit AlphaBay to the company and finally the developers at the trading platform managed to fix Vulnerability-related.PatchVulnerability the flaws . Cellular ” Customers This is not the first time when a Dark Web domain has been hacked

A security flaw affecting Vulnerability-related.DiscoverVulnerability LibreOffice and Apache OpenOffice has been fixed Vulnerability-related.PatchVulnerability in one of the two open-source office suites . The other still appears to be vulnerable Vulnerability-related.DiscoverVulnerability . Before attempting to guess which app has yet to be patched Vulnerability-related.PatchVulnerability , consider that Apache OpenOffice for years has struggled attract more contributors . And though the number of people adding code to the project has grown since last we checked , the project missed its recent January report to the Apache Foundation . The upshot is : security holes are n't being patched Vulnerability-related.PatchVulnerability , it seems . The issue , identified Vulnerability-related.DiscoverVulnerability by security researcher Alex Inführ , is that there 's a way to achieve remote code execution by triggering an event embedded in an ODT ( OpenDocument Text ) file . In a blog post on Friday , Inführ explains Vulnerability-related.DiscoverVulnerability how he found Vulnerability-related.DiscoverVulnerability a way to abuse the OpenDocument scripting framework by adding an onmouseover event to a link in an ODT file . The event , which fires when a user 's mouse pointer moves over the link , can traverse local directories and execute a local Python script . After trying various approaches to exploit the vulnerability , Inführ found Vulnerability-related.DiscoverVulnerability that he could rig the event to call a specific function within a Python file included with the Python interpreter that ships with LibreOffice . `` For the solution I looked into the Python parsing code a little more in depth and discovered that it is not only possible to specify the function you want to call inside a python script , but it is possible to pass parameters as well , '' he said . The exploit was tested on Windows , and should work on Linux , too . Inführ says Vulnerability-related.DiscoverVulnerability he reported Vulnerability-related.DiscoverVulnerability the bug on October 18 and it was fixed Vulnerability-related.PatchVulnerability in LibreOffice by the end of the month . RedHat assigned Vulnerability-related.DiscoverVulnerability it CVE-2018-16858 in mid-November and gave Inführ a disclosure Vulnerability-related.DiscoverVulnerability date of January 31 , 2019 . When he published Vulnerability-related.DiscoverVulnerability on February 1 , in conjunction with the LibreOffice fix notification , OpenOffice still had not been patched Vulnerability-related.PatchVulnerability . Inführ says Vulnerability-related.DiscoverVulnerability he reconfirmed Vulnerability-related.DiscoverVulnerability that he could go ahead with disclosure Vulnerability-related.DiscoverVulnerability even though OpenOffice 4.16 has yet to be fixed Vulnerability-related.PatchVulnerability . His proof-of-concept exploit does n't work with OpenOffice out-of-the-box because the software does n't allow parameters to be passed in the same way as the unpatched version of LibreOffice did . However , he says Vulnerability-related.DiscoverVulnerability that the path traversal issue can still be abused to execute a local Python file and cause further mischief and damage . We 're imagining specifically targeted netizens being tricked Attack.Phishing into opening a ZIP file , unpacking an ODT and Python script , and then the ODT document attempting to execute the Python script when the victim rolls their mouse over a link , for instance . The Register tried to reach two OpenOffice contributors to find out what 's going on . We 've not heard back . According to Inführ , OpenOffice users can mitigate the risk by removing or renaming the pythonscript.py file in the installation folder .

Adobe has patched Vulnerability-related.PatchVulnerability two critical flaws in Acrobat and Reader that warrant urgent attention . Officially , Adobe patches Vulnerability-related.PatchVulnerability security vulnerabilities around the middle of each month to coordinate with Microsoft ’ s Patch Tuesday , but recently it ’ s become almost routine for the company to issue Vulnerability-related.PatchVulnerability out-of-band updates in between . APSB19-02 , the first of such updates to reach customers in the new year , addresses Vulnerability-related.PatchVulnerability critical flaws with a priority rating of ‘ 2 ’ . That means that the flaw is potentially serious , but Adobe hasn ’ t detected Vulnerability-related.DiscoverVulnerability any real-world exploits ( the latter would entail issuing Vulnerability-related.PatchVulnerability an ‘ emergency ’ patch with a ‘ 1 ’ rating ) . The first flaw , identified Vulnerability-related.DiscoverVulnerability as CVE-2018-16011 , is described Vulnerability-related.DiscoverVulnerability by Adobe as a use-after-free bug that could be exploited Vulnerability-related.DiscoverVulnerability using a maliciously crafted PDF to take control of a target system with their malware of choice . The second , CVE-2018-16018 ( replacing CVE-2018-19725 ) , is a security bypass targeting JavaScript API restrictions on Adobe Reader DC and seems to have been in the works since before Christmas , affecting Vulnerability-related.DiscoverVulnerability all versions of Window and macOS Acrobat DC/Reader 2019.010.20064 and earlier , the fix in both cases is to update Vulnerability-related.PatchVulnerability to 2019.010.20069 . For the legacy Acrobat/Reader 2017 2017.011.30110 and Acrobat/Reader DC 2015 2015.006.30461 , the updates take those to 2017.011.30113 and 2015.006.30464 respectively . As critical flaws with a ‘ 2 ’ rating , there is a suggested 30-day window within which to apply Vulnerability-related.PatchVulnerability the updates , but it ’ s worth bearing in mind that a new round of patches will likely be offered Vulnerability-related.PatchVulnerability for Adobe products tomorrow as part of Patch Tuesday . In December ’ s Patch Tuesday , Adobe released Vulnerability-related.PatchVulnerability a not inconsiderable 87 patches , including 39 rated critical . Only days before , Adobe issued Vulnerability-related.PatchVulnerability an emergency Flash patch for a zero-day vulnerability that was being exploited Vulnerability-related.DiscoverVulnerability , while in November Flash received Vulnerability-related.PatchVulnerability a separate patch for one whose exploitation was believed to be imminent .

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .