Latest News

2020/08/11

TeamViewer Flaw Could Let Hackers Steal System Password Remotely

If you are using TeamViewer, then beware and make sure you're running the latest version of the popular remote desktop connection software for Windows.
The TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE-2020-13699), which, if exploited, could let remote attackers steal your system password and eventually compromise it.
What's more worrisome is that the attack can be executed almost automatically, without requiring much interaction from the victims, just by convincing them to visit a malicious web page once.
For those unaware, TeamViewer is a popular remote-support software that allows users to securely share their desktop or take full control of others' PCs over the Internet from anywhere in the world.
2020/08/06

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts

Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account.
Uncovered in February by Thijs Alkemade, a security specialist at IT security firm Computest, the flaw resided in Apple's implementation of the TouchID (or FaceID) biometric feature that authenticated users to log in to websites on Safari, specifically those that use Apple ID logins.
After the issue was reported to Apple through their responsible disclosure program, the iPhone maker addressed the vulnerability in a server-side update.
2020/08/06

High-Severity Android RCE Flaw Fixed in August Security Update

Google has released patches addressing a high-severity issue in its Framework component, which, if exploited, could enable remote code execution (RCE) on Android mobile devices.

Overall, 54 high-severity flaws were patched as part of Google’s August security updates for the Android operating system, released on Monday. As part of this, Qualcomm, whose chips are used in Android devices, patched a mix of high and critical-severity vulnerabilities tied to 31 CVEs.

The RCE flaw, the most serious of these flaws, exists in the Android Framework, which is a set of APIs – consisting of system tools and user interface design tools – that allow developers to quickly and easily write apps for Android phones.
2020/08/04

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes

Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants.
Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate limiting enabled "an attacker to attempt all 1 million passwords in a matter of minutes and gain access to other people's private (password protected) Zoom meetings."
2020/08/04

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server.
Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network connection at any given point in time.
But since measuring the time taken to execute cryptographic algorithms is crucial to carrying out a timing attack and consequently leaking information, the jitter on the network path from the attacker to the server can make it impractical to successfully exploit timing side-channels that rely on a small difference in execution time.