GO SMS Pro Android App Exposes Private Photos, Videos and Messages

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. Continue reading GO SMS Pro Android App Exposes Private Photos, Videos and Messages

Drupal Core: Behind the Vulnerability

Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth… Continue reading Drupal Core: Behind the Vulnerability

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. Continue reading Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW. Continue reading Nvidia Warns Windows Gamers of GeForce NOW Flaw

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Continue reading Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

Nvidia Warns Gamers of Severe GeForce Experience Flaws

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more. Continue reading Nvidia Warns Gamers of Severe GeForce Experience Flaws

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in. Continue reading Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

Intel and Google are urging users to update the Linux kernel to version 5.9 or later. Continue reading Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices