Hundreds of millions of users may have been exposed to cross-site scripting (XSS) attacks due to vulnerabilities in the Branch.io services used by Tinder, Shopify, Yelp and many others. When the researchers analyzed Tinder and other applications, they found a Tinder domain, go.tinder.com, which had multiple XSS vulnerabilities. The researchers said that these vulnerabilities could be used to access Tinder users’ profiles. However, in most cases,...
In May of this year, an app called “Album by Google Photos” was launched in the Microsoft App Store. Its developer called itself “Google LLC”. In fact, the app is completely fake. Attentive users will notice that the official Google app released earlier shows “Google Inc.” in its developer column. In view of its release for several months, Google has...
A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos. The...
Description: Microsoft has released a security update to address a vulnerability in the Yammer desktop application. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8569
Description: libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. Impact: A remote attacker could exploit this vulnerability to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Description: Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. Impact: A remote attacker could exploit these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: http://www.drupal.org/sa-core-2018-006
Description: Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. Impact: A remote attacker could exploit these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://tools.cisco.com/security/center/publicationListing.x
Description: Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. Impact: A remote attacker could exploit these vulnerabilities to take control of an affected system. Mitigation: Updates are available. Please see the references or vendor advisory for more information. Reference URLs: https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...
In 2015, Amazon.com Inc. began quietly evaluating a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, known today as Amazon Prime Video. Based in Portland, Ore., Elemental made software for compressing massive video files and formatting them for different devices. Its technology had helped stream the Olympic Games online, communicate with the International Space Station, and funnel drone...