What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in security vulnerability

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

The malware takes aim at PostgreSQL database servers with never-before-seen techniques. An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers . . . Read more

Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution

A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices found in hospitals, from MRI machines to surgical imaging.

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also . . . Read more

Cayman Islands Bank Records Exposed in Open Azure Blob

An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle . . . Read more

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this . . . Read more

GO SMS Pro Android App Exposes Private Photos, Videos and Messages

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application . . . Read more

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. After a taking closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security . . . Read more

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW. Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated . . . Read more