Cybersecurity Highlights

0day vulnerability exploited in General Bytes

General Bytes, a global provider of Bitcoin ATMs, has been the victim of a cyber-attack that exploited a 0day vulnerability in the CAS (computer algebra system) administrator interface.According to...

References:

generalbytes.atlassian.net

diariobitcoin.com

cointelegraph.com

es.gizmodo.com

businessinsider.es

unaaldia.hispasec.com

Tags:

5400 rpm hard disks vulnerable to sound frequencies in a song

Raymond Chen, a software engineer at Microsoft, has published a post with information about a vulnerability that is capable of crashing certain laptop models when playing certain sound frequencies,...

References:

devblogs.microsoft.com

bleepingcomputer.com

genbeta.com

elmundo.es

20minutos.es

larazon.es

Tags:

Vulnerability

Twitter confirms a vulnerability that has affected the data of its users

The company Twitter, on an official statement published on its website, from the privacy center, has reported an incident that has allowed the theft of data from some of its user accounts. The...

References:

privacy.twitter.com

abcnews.go.com

economictimes.indiatimes.com

elespanol.com

lavozdegalicia.es

engadget.com

Tags:

2022 CWE Top 25: the most dangerous software weaknesses

The Homeland Security Systems Engineering and Development Institute (HSSEDI) has published the Common Weakness Enumeration (CWE) list of the 25 most dangerous software weaknesses of 2022. That list...

References:

cwe.mitre.org

cisa.gov

threatadvice.com

securitynewspaper.com

Tags:

Vulnerability

Cryptographic flaw in ECDSA implementation in Java

The Elliptic Curve Digital Signature Algorithm (ECDSA), used in Java and Oracle to digitally sign messages and data to verify the authenticity and integrity of content, is vulnerable due to a...

References:

neilmadden.blog

unaaldia.hispasec.com

media.cert.europa.eu

jfrog.com

blog.ehcgroup.io

nakedsecurity.sophos.com

thehackernews.com

Tags:

Encryption

Tool

Vulnerability

API Threat Research: SSRF on FinTech Platforms

Salt Security researchers discovered a server-side request forgery (SSFR) vulnerability in an API embedded in many FinTech platform banking systems, which could potentially have compromised...

References:

salt.security

threatpost.com

thecybersecurity.nwes

oodaloop.com

infosectoday.com

websecurity.agency

Tags:

Researchers use decommissioned satellite to retransmit pirate television

A group of researchers have been granted permission since last year to access and transmit from the disused Anik F1R satellite, launched in support of television broadcasting in 2005 and designed...

References:

wired.com

adslzone.net

espanol.news.

noticiasmoviles.com

Tags:

Other critical infrastructures

Vulnerability

Six US states hit by China-based cyberattack

Cybersecurity firm Mandiant uncovered evidence of data exfiltration by the Chinese hacking group known as 'APT41', which targeted US state governments between May 2021 and February 2022.The events...

References:

mandiant.com

wired.com

theverge.com

techcrunch.com

threatpost.com

computing.co.uk

Tags:

Other critical infrastructures

Public administration

Vulnerability

API requests not authenticated by mobile device monitoring services

Consumer spyware is often sold under the guise of child or family surveillance software, but is also known as stalkerware because of its ability to track and monitor.The website TechCrunch...

References:

techcrunch.com

cert.org

yahoo.com

adexchanger.com

Tags:

Cyberattack on Vodafone in Portugal affects 4 million users

Vodafone Portugal has been the victim of a cyberattack that has affected voice, data, television, SMS and voice/digital response services, although they have no evidence that customer data has been...

References:

vodafone.pt

eldiario.es

20minutos.es

swissinfo.ch

reuters.com

hispasec.com

Tags:

Cybercrime

Incident

Internet

Other critical infrastructures

Vulnerability

Corporate access

Cybersecurity Highlights

0day vulnerability exploited in General Bytes

5400 rpm hard disks vulnerable to sound frequencies in a song

Twitter confirms a vulnerability that has affected the data of its users

2022 CWE Top 25: the most dangerous software weaknesses

Cryptographic flaw in ECDSA implementation in Java

API Threat Research: SSRF on FinTech Platforms

Researchers use decommissioned satellite to retransmit pirate television

Six US states hit by China-based cyberattack

API requests not authenticated by mobile device monitoring services

Cyberattack on Vodafone in Portugal affects 4 million users

Pages