Posts for category: Vulnerabilities Weekly Summaries

CVE-2019-15846: Exim Mail Transfer Agent Vulnerable to Buffer Overflow Attack

Introduction: The Exim mail transfer agent (MTA)/mail server is an open source service used on Unix-like operating systems. Exim can be used as a substitute for common mail servers such as Gmail and ...

CVE-2019-9506: Bluetooth Devices Vulnerable to Key Negotiation of Bluetooth (KNOB) Attacks

Introduction: On August 14, 2019, a cybersecurity research team comprised of Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen released a paper regarding a flaw in how Bluetooth enabled ...

Travel industry booking websites’ vulnerabilities compromise users’ data

On April 9, 2019, security researcher Candid Wueest disclosed vulnerabilities that allowed malicious users to compromise customer booking data in the hotel industry. These vulnerabilities affect ...

Phone security application vulnerabilities compromise devices

On April 4, 2019, researchers at Check Point Research found vulnerabilities in the preinstalled security app, Guard Provider, that affect Xiaomi phones. Xiaomi is the third largest ...

3rd party car alarms make vehicles susceptible to theft

On March 8, 2019, security researchers at Pen Test Partners disclosed vulnerabilities found in the application programming interface (API) of Viper and Pandora 3rd party car alarm systems. The ...

IBM Cloud vulnerability allows for backdoor on bare metal servers

Researchers at Eclypsium on February 26, 2019 reported on a vulnerability in International Business Machines (IBM) SoftLayer--now IBM Cloud--that allowed a malicious user to plant a backdoor on ...

WordPress vulnerability allows attacker to gain full remote access of server

On February 19, 2019 security researchers at RIPS Technologies found a vulnerability in WordPress that allowed an attacker who had author privileges to execute arbitrary hypertext preprocessor ...

Snapd vulnerability allows for privilege escalation on popular Linux distributions

On February 13, 2019 security researcher Chris Moberly from The Missing Link disclosed a privilege escalation possibility within the snapd service that allowed for a local user to elevate privileges ...

Popular RDP client vulnerabilities allow a remote system to be compromised

On February 5, 2019 researchers at Check Point Research disclosed 25 vulnerabilities in 3 popular Remote Desktop Protocol (RDP) clients: mstsc.exe, FreeRDP, and rdesktop. These vulnerabilities ...

iPhone vulnerability allows attackers to spy on contacts

On January 28, 2019, security engineer Brandon Arvanaghi discovered a flaw in the iPhone that allowed an attacker to receive an audio and video feed from another iPhone victim when initiating a ...