Author: DEFENDEDGE
-
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for eight months, researchers discovered. Read more
-
Ninja Forms WordPress Plugin Bug Opens Websites to Hacks
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking. Read more
-
Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe sandboxing with malicious PostMessage popups. Read more
-
Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies
TikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase. Read more
-
North Korean Malicious Cyber Activity: AppleJeus
Original release date: February 17, 2021 CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.” The U.S. Government refers… Read more
-
AA21-048A: AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
Original release date: February 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. This joint advisory is the result of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency… Read more
-
Misconfigured Baby Monitors Allow Unauthorized Viewing
Hundreds of thousands of individuals are potentially affected by this vulnerability. Read more
-
Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates. Read more
-
Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that remain unpatched three months after app makers were informed. Read more
-
Vulnerability Summary for the Week of February 8, 2021
Original release date: February 15, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — acrobat Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker… Read more