
Security

World’s top 25 CTF teams to battle for $100,000 at HITB PRO CTF

posted on September 24, 2019
by l33tdawg
Credit: Help Net Security

In less than a month, Hack In The Box is launching its biggest global event: HITB+CyberWeek 2019. It is a week-long gathering (October 12-17, 2019, at Emirates Palace, Abu Dhabi) that will bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students.

Malindo Air identifies employees of e-commerce contractor behind data breach

posted on September 24, 2019
by l33tdawg
Credit: SoyaCincau

Two rogue employees of Malaysian e-commerce services provider GoQuo have been identified as the culprits behind a security breach that compromised the personal data of Malindo Air and Thai Lion Air passengers. The Malaysian and Thai airlines are subsidiaries under Indonesia's low-cost carrier group, Lion Air.

Apple's iOS 13 iPhone software brings bugs and leaves phone vulnerable to hackers

posted on September 24, 2019
by l33tdawg
Credit: Flickr

Apple has been forced to rush out an update to the latest version of its iOS operating system today after bugs left users with a number of problems, including one that could allow hackers to access contacts on locked phones.

The new operating system launched alongside the iPhone 11 and 11 Pro phones last week, bringing a new dark mode, redesigned Photos app, and security features reflecting the company's recent focus on privacy.

Busy North Korean hackers have new malware to target ATMs

posted on September 24, 2019
by l33tdawg
Credit: Ars Technica

Hackers widely believed to work for North Korea’s hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday.

WordPress XSS Bug Allows Drive-By Code Execution

posted on September 15, 2019
by l33tdawg
Credit: Threat Post

A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis.

The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat researcher at FortiGuard Labs, said that Gutenberg fails to filter a post’s JavaScript/HTML code if there’s a “Shortcode” error message.

I Could Have Hacked All Uber Accounts- But I Chose to Report it Instead

posted on September 15, 2019
by l33tdawg
Credit: HackerNoon

This post is about an account takeover vulnerability on Uber which allowed attackers to take over any other user’s Uber account (including riders, partners, eats) by supplying the user UUID in the API request and using the leaked token in the API response to hijack accounts. I was able to enumerate any other Uber user’s UUID by supplying their phone number or email address in another API request.

SIM card exploit could be spying on over 1 billion mobile phone users globally

posted on September 15, 2019
by l33tdawg
Credit: Phone Arena

Researchers at a security firm named AdaptiveMobile Security have issued a report (via TNW) about a new vulnerability nicknamed Simjacker that uses your phone's SIM card to spy on you. Because all makes and models of mobile phones can be used with Simjacker, over 1 billion handsets might be affected globally. The research firm says that it believes the vulnerability was developed by a private company that works with governments to monitor the locations of individuals around the world. The exploit also can help the attackers obtain the unique IMEI number belonging to each phone.