allowed
-
Federal Communications Commission chair Brendan Carr said companies looking for regulatory approval should “get busy ending any sort of their invidious forms of DEI discrimination,” according to an interview with Bloomberg. Carr reportedly brought up Paramount’s merger with Skydance, Verizon’s purchase of Frontier Communications, and T-Mobile’s plans to acquire most of US Cellular as potential…
-
AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked as CVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV). An attacker could trigger the flaw to load a malicious CPU microcode under specific conditions. “Improper…
-
TNSTC (Tamil Nadu State Transport Corporation) data breach — an interesting bug that allowed me to view millions of personal records. During security testing of TNSTC, I previously shared a parameter tampering vulnerability that allowed me to book multiple tickets for just ₹1. Previous writeup link: https://medium.com/bugbountywriteup/how-i-found-a-ticket-booking-bug-that-allowed-me-to-travel-almost-for-free-in-tnstc-2c7aa23aebf6 After successfully reporting that bug, I resumed my testing on the Android app. There was an…
-
WhatsApp has fixed a problem with its View Once feature, designed to protect people’s privacy with automatically disappearing pictures and videos.
-
In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers’ (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without…
-
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services. The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account,…
-
Connected vehicles continue to increase in popularity with features such as remote access and start, but what if a hacker could access those same features to gain access to a car?
-
An air transport security system flaw allowed to bypass airport security screenings
-
Pikashow is a widely used app for streaming movies, TV shows, and live sports. It offers a vast library of free content. However, users often have trouble downloading the Pikashow app or downloading videos from it.
-
op-ed Microsoft will host a security summit next month with CrowdStrike and other “key” endpoint security partners joining the fun — and during which the CrowdStrike-induced outage that borked millions of Windows machines will undoubtedly be a top-line agenda item.
-
MalBot, August 22, 2024, 10:55pm: Users could reportedly access data from private channels by instructing the AI to deliver a phishing link.
-
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on Mac users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the exploits.
-
Microsoft has released a patch for a “downgrade attack” bug that was recently revealed by researchers at the security conferences Black Hat and Def Con.
-
Sonos smart speakers flaw allowed to eavesdrop on users
-
An anonymous reader quotes a report from TechCrunch: A group of researchers said they found that vulnerabilities in the design of some dating apps, including the popular Bumble and Hinge, allowed malicious users or stalkers to pinpoint the location of their victims down to two meters. In a new academic paper, researchers from the Belgian…
-
Apple has released security updates for many of its products in order to patch several vulnerabilities that could allow an attacker to steal sensitive information from a locked device.
-
EvilVideo, a Telegram Android zero-day allowed sending malicious APKs disguised as videos