VirusTotal Hacking Offers a Supercharged Version of Google Hacking
Chronicle’s VirusTotal (VT) is a boon to security researchers and a gift to potential criminals. Apart from virus samples it contains likely millions of user credentials readily available to anyone who knows where and how to look.
Zoho Patches Critical Vulnerability in Endpoint Management Solutions
Zoho Corp on Monday said it has released patches for a critical vulnerability affecting Desktop Central and Desktop Central MSP, the endpoint management solutions from ManageEngine.
Vulnerability in IDEMIA Biometric Readers Allows Hackers to Unlock Doors
A critical vulnerability impacting multiple IDEMIA biometric identification devices can be exploited to unlock doors and turnstiles.
Because of this security defect, if the TLS protocol is not activated, an attacker in the network can send specific commands without authentication to open doors or turnstiles directly operated by a vulnerable device.
Oracle to Release Nearly 500 New Security Patches
Oracle is preparing the release of nearly 500 new security patches with its Critical Patch Update (CPU) for January 2022.
Safari 15 Vulnerability Allows Cross-Site Tracking of Users
A vulnerability in Apple’s implementation of the IndexedDB API in Safari 15 allows websites to track users’ activity on other sites and even to reveal their identity, browser fingerprinting and fraud detection firm FingerprintJS explains.
Critical SAP Vulnerability Allows Supply Chain Attacks
A critical vulnerability addressed recently in SAP NetWeaver AS ABAP and ABAP Platform could be abused to set up supply chain attacks, SAP security solutions provider SecurityBridge warns.
Details Published on AWS Flaws Leading to Data Leaks
Researchers at cloud security startup Orca Security have publicly documented a pair of vulnerabilities in AWS CloudFormation and AWS Glue that attackers could use to leak sensitive files or access other customers’ data.
U.S. Government, Tech Giants Discuss Open Source Software Security
FCC Chair Proposes New Policies for Carrier Data Breach Reporting
Federal Communications Commission (FCC) chairwoman Jessica Rosenworcel this week proposed updated policies around telecom providers’ reporting of data breaches.
