Security

Major VOIP Security Flaws Discovered in Android

posted on October 4, 2019
by l33tdawg
Credit: EZTalks

Researchers say they discovered eight security flaws in the way Android handles voice calls through the Internet. Unlike most such bugs, which involve specific apps, these problems were with Android itself.

The good news is that the researchers reported all of the bugs to Google while carrying out the project and most have now been fixed. However, it does raise concerns about the development and design of the system itself. (Source: github.io)

World’s top 25 CTF teams to battle for $100,000 at HITB PRO CTF

posted on September 24, 2019
by l33tdawg
Credit: Help Net Security

In less than a month, Hack In The Box is launching its biggest global event: HITB+CyberWeek 2019. It is a week-long gathering (October 12-17, 2019, at Emirates Palace, Abu Dhabi) that will bring together the world’s top cyber security experts to share and discuss their latest knowledge, ideas and techniques with security professionals and students.

Malindo Air identifies employees of e-commerce contractor behind data breach

posted on September 24, 2019
by l33tdawg
Credit: SoyaCincau

Two rogue employees of Malaysian e-commerce services provider GoQuo have been identified as the culprits behind a security breach that compromised the personal data of Malindo Air and Thai Lion Air passengers. The Malaysian and Thai airlines are subsidiaries under Indonesia's low-cost carrier group, Lion Air.

Apple's iOS 13 iPhone software brings bugs and leaves phone vulnerable to hackers

posted on September 24, 2019
by l33tdawg
Credit: Flickr

Apple has been forced to rush out an update to the latest version of its iOS operating system today after bugs left users with a number of problems, including one that could allow hackers to access contacts on locked phones.

The new operating system launched alongside the iPhone 11 and 11 Pro phones last week, bringing a new dark mode, redesigned Photos app, and security features reflecting the company's recent focus on privacy.

Busy North Korean hackers have new malware to target ATMs

posted on September 24, 2019
by l33tdawg
Credit: Arstechnica

Hackers widely believed to work for North Korea’s hermit government have developed a new strain of malware that steals data used at automatic teller machines in India, researchers from Kaspersky Lab said on Monday.

WordPress XSS Bug Allows Drive-By Code Execution

posted on September 15, 2019
by l33tdawg
Credit: Threat Post

A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis.

The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that Gutenberg fails to filter a post’s JavaScript/HTML code if there’s a “Shortcode” error message.

I Could Have Hacked All Uber Accounts- But I Chose to Report it Instead

posted on September 15, 2019
by l33tdawg
Credit: HackerNoon

This post is about an account takeover vulnerability on Uber which allowed attackers to take over any other user’s Uber account (including riders, partners, eats) by supplying the user UUID in the API request and using the leaked token in the API response to hijack accounts. I was able to enumerate any other Uber user’s UUID by supplying their phone number or email address in another API request.