Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.
Google Fixes Mysterious Audio Recording Blip in Smart Speakers
Google Home devices reportedly recorded noises even without the “Hey Google” prompt due to the inadvertent rollout of a home security system feature.
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
DDoS Attacks Cresting Amid Pandemic
Attacks were way up year-over-year in the second quarter as people continue to work from home.
TeamViewer Flaw in Windows App Allows Password-Cracking
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims’ passwords.
DDoS attacks in Q2 2020
News overview Not just one but two new DDoS amplification methods were discovered last quarter. In mid-May, Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed “NXNSAttack”. The hacker sends to a legitimate recursive DNS server a request to several subdomains within the…
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impacts nearly half of Android handsets.
Attackers Horn in on MFA Bypass Options for Account Takeovers
Legacy applications don’t support modern authentication — and cybercriminals know this.
Have I Been Pwned Set to Go Open-Source
Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.
Hackers Dump 20GB of Intel’s Confidential Data Online
Chipmaker investigates a leak of intellectual property from its partner and customer resource center.