Killersites Community
LSW

Current Threats


WordPress iOS App Bug Leaked Secret Access Tokens to Third-Party Sites

https://thehackernews.com/2019/04/wordpress-ios-security.html

Quote

 

If you have a "private" blog with WordPress.com and are using its official iOS app to create or edit posts and pages, the secret authentication token for your admin account might have accidentally been leaked to third-party websites.
 
WordPress has recently patched a severe vulnerability in its iOS application that apparently leaked secret authorization tokens for users whose blogs were using images hosted on third-party sites, a spokesperson for Automattic confirmed to The Hacker News in an email.
 
Discovered by the team of WordPress engineers, the vulnerability resided in the way the WordPress iOS application was fetching images used by private blogs but hosted outside of WordPress.com, for example, Imgur or Flickr.
 
That means, if an image were hosted on Imgur, then when the WordPress iOS app attempted to fetch the image, it would send along a WordPress.com authorization token to Imgur, leaving a copy of the token in the access logs of Imgur's web server.

 

 

 


Millions of Facebook Records Found Unsecured on AWS

https://www.databreachtoday.com/millions-facebook-records-found-unsecured-on-aws-a-12337

Quote

 

Two third-party Facebook application developers exposed users' personal information by leaving the data exposed without a password in unsecured Amazon Web Services S3 buckets, researchers from the security firm UpGuard said Wednesday. One data set contained 540 million unsecured records, the report found. It's not clear how many users were affected.

For months, UpGuard researchers had attempted to contact the two companies about the exposed user data, but one firm did not remove the personally identifiable information from public view until Bloomberg contacted it about a story this week, UpGuard reports.
 
The second company has been out of business for several years, UpGuard found.
 
It's unclear if anyone attempted to access or steal this data before it was discovered, an UpGuard spokeswoman tells Information Security Media Group. It's also not known how long that data was stored without a password within AWS.

 

 


Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released

https://thehackernews.com/2019/04/verizon-wifi-router-security.html

Quote

A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to them.

 


Popular Video Editing Software Website Hacked to Spread Banking Trojan

https://thehackernews.com/2019/04/free-video-editing-malware.html

Quote

 

If you have downloaded the VSDC multimedia editing software between late February and late March this year, there are high chances that your computer has been infected with a banking trojan and an information stealer.
 
The official website of the VSDC software — one of the most popular free video editing and converting apps, with over 1.3 million monthly visitors — was hacked, unfortunately once again.
 
According to a new report Dr. Web published today and shared with The Hacker News, hackers hijacked the VSDC website and replaced its software download links leading to malware versions, tricking visitors into installing the dangerous Win32.Bolik.2 banking trojan and KPOT stealer.
 
Even more ironic is that despite being so popular among the multimedia editors, the VSDC website is running and offering software downloads over an insecure HTTP connection.

 

 
