A Bug Could Let Attackers Hijack Firefox for Android via Wi-Fi Network – Tempemail

Dear Android users, if you use the Firefox web browser on your smartphones, make sure it has been updated to version 80 or the latest available version on the Google Play Store. ESET security researcher Lukas Stefanko yesterday tweeted an alert demonstrating the exploitation of a recently disclosed high-risk remote Continue Reading

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption – Tempemail

A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed “Raccoon Attack,” the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) Continue Reading

A Google Drive ‘Feature’ Could Let Attackers Trick You Into Installing Malware – Tempemail

An unpatched security weakness in Google Drive could be exploited by malware attackers to distribute malicious files disguised as legitimate documents or images, enabling bad actors to perform spear-phishing attacks comparatively with a high success rate. The latest security issue—of which Google is aware but, unfortunately, left unpatched—resides in the Continue Reading

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts – Tempemail

Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user’s iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple’s implementation of TouchID Continue Reading

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures – Tempemail

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology (OT) networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems (ICS). A new report published by industrial cybersecurity company Claroty demonstrates multiple severe vulnerabilities Continue Reading

Attackers exploiting unpatched F5 BIG-IP devices – Security – Networking- Tempemail

A critical vulnerability in F5 data centre and enterprise network products that was revealed on July 1 this year is being actively exploited remotely, security researchers have observed. Security vendor NCCGroup’s Research and Intelligence Fusion Team (RIFT) has monitored the exploits since July 3 when it saw the first attacks,  Continue Reading

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers – Tempemail

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server (AS) Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS score of 10 out of 10, potentially Continue Reading

Two Critical Flaws in Zoom Could’ve Let Attackers Hack Systems via Chat – Tempemail

If you’re using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers. No, it’s not about the arrival of the most-awaited “real” end-to-end encryption Continue Reading

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers – Tempemail

A new set of critical vulnerabilities uncovered in SAP’s Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database Continue Reading