Phone security application vulnerabilities compromises devices

On April 4, 2019 researchers at Check Point Research found vulnerabilities in the preinstalled security app, Guard Provider, that affects devices from Xiaomi phones. Xiaomi is the third largest mobile phone vendor in the world, behind Samsung and Apple, affecting up to 150 million devices Continue Reading

3rd party car alarms make vehicles susceptible to theft

On March 8, 2019 security researchers at Pen Test Partners disclosed vulnerabilities found in the application programming interface (API) of Viper, and Pandora 3rd party car alarm systems. The vulnerabilities found in both systems allowed an attacker to: Locate vehicles in real time Identify types Continue Reading

IBM Cloud vulnerability allows for backdoor on bare metal servers

Researchers at Eclypsium on February 26, 2019 reported on a vulnerability in International Business Machines (IBM) Softlayer–now IBM Cloud–that allowed for a malicious user to plant a backdoor on servers. This backdoor would allow a malicious user to manage the server hardware after the use Continue Reading

WordPress vulnerability allows attacker to gain full remote access of server

On February 19, 2019 security researchers at RIPS Technologies found a vulnerability in WordPress that allowed an attacker who had author privileges to execute arbitrary hypertext preprocessor (PHP) code to gain full remote access of the server. Disclaimer: this report is a synthesis of the Continue Reading

Snapd vulnerability allows for privilege escalation on popular Linux distributions

On February 13, 2019 security researcher Chris Moberly from The Missing Link disclosed a privilege escalation possibility within the snapd service that allowed for a local user to elevate privileges to root by exploiting a code vulnerability, known as Dirty_Sock and CVE-2019-7304, that improperly establishes Continue Reading

Popular RDP client vulnerabilities allows a remote system to be compromised

On February 5, 2019 researchers at Check Point Research disclosed 25 vulnerabilities in 3 popular Remote Desktop Protocol (RDP) clients: mstsc.exe, FreeRDP, and rdesktop. These vulnerabilities allowed for compromise of a RDP client through a malicious RDP server, including remote code execution and compromising the Continue Reading

Google search vulnerability allows forging of faulty Google search links

On January 7, 2019 cybersecurity professional Wietze Beukema reported a vulnerability in the Knowledge Graph of the Google search which allowed for the crafting of Google search uniform resource locators (URLs) with dubious results. This vulnerability allowed for a malicious person to create and send Continue Reading

Did China secretly install microchips to spy on U.S. companies?

What happened? Bloomberg reports that San Jose based company Supermicro implanted microchips on server motherboards.  Over 30 U.S. companies were reported to be affected, including Apple and Amazon, who both deny these claims. What is it? An ongoing investigation that started over 3 years ago Continue Reading