Sep 16, 2024Ravie LakshmananCloud Security / Vulnerability A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion. The vulnerability has been codenamed CloudImposer by Tenable Research. "The … [Read more...] about Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution
Couldve
Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access
Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last … [Read more...] about Researchers Detail Azure SFX Flaw That Could’ve Allowed Attackers to Gain Admin Access
15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over any developer account and publish malicious releases, while the second bug would … [Read more...] about 15-Year-Old Bug in PEAR PHP Repository Could’ve Enabled Supply Chain Attacks
New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader
Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on … [Read more...] about New Amazon Kindle Bug Could’ve Let Attackers Hijack Your eBook Reader
Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site
Microsoft last week rolled out updates for the Edge browser with fixes for two security issues, one of which concerns a security bypass vulnerability that could be exploited to inject and execute arbitrary code in the context of any website. Tracked as CVE-2021-34506 (CVSS score: 5.4), the weakness stems from a universal cross-site scripting (UXSS) issue that's triggered when … [Read more...] about Microsoft Edge Bug Could’ve Let Hackers Steal Your Secrets for Any Site
Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple's crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users. The findings are a consequence of an exhaustive review undertaken by the Open … [Read more...] about Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories
Valve’s Steam Server Bugs Could’ve Let Hackers Hijack Online Games
Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected 3rd-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game … [Read more...] about Valve’s Steam Server Bugs Could’ve Let Hackers Hijack Online Games
Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What's more worrisome is that the flaw not … [Read more...] about Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
OkCupid Dating App Flaws Could’ve Let Hackers Read Your Private Messages
Cybersecurity researchers today disclosed several security issues in popular online dating platform OkCupid that could potentially let attackers remotely spy on users' private information or perform malicious actions on behalf of the targeted accounts.According to a report shared with The Hacker News, researchers from Check Point found that the flaws in OkCupid's Android and … [Read more...] about OkCupid Dating App Flaws Could’ve Let Hackers Read Your Private Messages
A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence
Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows.The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files … [Read more...] about A Bug in Facebook Messenger for Windows Could’ve Helped Malware Gain Persistence