Zero Day: cPanel® & WHM® Vulnerability

Two-Factor Authentication Bypass Flaw Could Affect Over 70 Million Domains

San Antonio, TX – November 24, 2020 – Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel & WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account. Digital Defense’s internal testing demonstrated that an attack can be accomplished in minutes.

India Bans Another 43 Chinese Apps Over Cybersecurity Concerns

India is not done banning Chinese apps. The world’s second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps. From a report:

Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order,” said India’s IT Ministry in a statement. The ministry said it issued the order to block these apps “based on the comprehensive reports received from Indian Cyber Crime Coordination Center, Ministry of Home Affairs.” The apps that have been banned include popular short video service Snack Video, which had surged to the top of the chart in recent months, as well as e-commerce app AliExpress, delivery app Lalamove, and shopping app Taobao Live. At this point, there doesn’t appear to be any Chinese app left in the top 500 apps used in India.

The History of Cybersecurity | Avast

Many species evolve in parallel, each seeking a competitive edge over the other. As cybersecurity and technology have evolved, so have criminals and ‘bad actors’ who seek to exploit weaknesses in the system for personal gain – or just to prove a point. 

Security Intelligence Handbook Chapter 3: The Security Intelligence Lifecycle

November 24, 2020 • The Recorded Future Team

Editor’s Note: Over the next several weeks, we’re sharing excerpts from the third edition of our popular book, “The Security Intelligence Handbook: How to Disrupt Adversaries and Reduce Risk with Security Intelligence.” Here, we’re looking at chapter three, “The Security Intelligence Lifecycle.” To read the entire section, download your free copy of the handbook.

F3, a Stories-style Q&A app for Gen Z teens, raises $3.9M

F3, an anonymous Q&A app targeting Gen Z teens which blends a Tinder-style swipe-to-friend gamification mechanic, Stories-esque rich media responses and eye-wateringly expensive subscriptions to unlock a ‘Plus’ version that actually lets you see who wants to friend you — has raised a $3.9M seed round, including for a planned push on the US market.