Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users’ personal data. Check Point Research analysts have discovered multiple vulnerabilities in the TikTok video sharing app that could have enabled attackers to manipulate users’ videos and access personal information. ByteDance, the developer behind
The industry’s fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users. Too often, the human element of security is ignored or overlooked. As Martijn Grooten has pointed out, humans are features, not bugs, in information security. It’s past time we acknowledged this reality and focus on
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker. US-CERT has issued an advisory for vulnerabilities in Medtronic’s Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, officials report. The advisory details three vulnerabilities.
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild. Microsoft today issued its April batch of security fixes, which patches 74 vulnerabilities including two Windows zero-days under active attack. CVE-2019-0803 and CVE-2019-0859 both patch Windows elevation of privilege bugs found exploited in the wild. Microsoft describes
Lifesize is issuing a hotfix to address vulnerabilities in its enterprise collaboration devices, which could give hackers a gateway into target organizations. Newly discovered security bugs in Lifesize videoconferencing products can be remotely exploited, giving attackers the ability to spy on a target organization or attack other devices. Trustwave SpiderLabs security researcher Simon Kenin found
This month’s security update includes seven patches ranked Critical and one publicly known vulnerability. Microsoft’s first Patch Tuesday update of 2019 primarily tackles remote code execution (RCE) vulnerabilities, with nearly half of 47 total fixes focusing on RCE. Businesses are also urged to apply a December out-of-band Internet Explorer patch after active attacks in the
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment. Researchers discovered 53 new and critical vulnerabilities in Adobe Reader over the course of 50 days by using common Windows fuzzing framework WinAFL, new analysis shows. The number of new vulnerabilities reported in 2017 was about