security vulnerability – Page 2

GO SMS Pro Android App Exposes Private Photos, Videos and Messages

Posted on November 19, 2020 by Tara Seals

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. Continue reading GO SMS Pro Android App Exposes Private Photos, Videos and Messages→

Drupal Core: Behind the Vulnerability

Posted on November 19, 2020 by Dor Tumarkin

Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several interesting issues whose technical details are worth… Continue reading Drupal Core: Behind the Vulnerability→

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Posted on November 16, 2020 by Becky Bracken

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles. Continue reading Dating Site Bumble Leaves Swipes Unsecured for 100M Users→

Nvidia Warns Windows Gamers of GeForce NOW Flaw

Posted on November 11, 2020 by Lindsey O'Donnell

Both Nvidia and Intel faced severe security issues this week – including a high-severity bug in Nvidia’s GeForce NOW. Continue reading Nvidia Warns Windows Gamers of GeForce NOW Flaw→

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

Posted on November 6, 2020 by Tara Seals

The shopping cart application contains a PHP object-injection bug. Continue reading WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug→

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

Posted on November 2, 2020 by Tara Seals

Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Continue reading Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape→

Containerd Bug Exposes Cloud Account Credentials

Posted on October 26, 2020 by Tara Seals

The flaw (CVE-2020-15157) is located in the container image-pulling process. Continue reading Containerd Bug Exposes Cloud Account Credentials→

Nvidia Warns Gamers of Severe GeForce Experience Flaws

Posted on October 23, 2020 by Lindsey O'Donnell

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more. Continue reading Nvidia Warns Gamers of Severe GeForce Experience Flaws→

Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE

Posted on October 14, 2020 by Tara Seals

The CVE-2020-5135 stack-based buffer overflow security vulnerability is trivial to exploit, without logging in. Continue reading Critical SonicWall VPN Portal Bug Allows DoS, Worming RCE→

Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices

Posted on October 14, 2020 by Lindsey O'Donnell

Intel and Google are urging users to update the Linux kernel to version 5.9 or later. Continue reading Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices→