Flaw in popular VPN service may have exposed customer data

NordVPN praised its bug bounty program and said that a fix had been shipped within two days. NordVPN, one of the most popular virtual private network (VPN) services, has fixed a security flaw that is said to have exposed customers’ email addresses and other information. The security hole was linked to three payment platforms used by NordVPN … More Flaw in popular VPN service may have exposed customer data

Google: Flaws in Apple’s privacy tool could enable tracking

Safari’s anti-tracking feature could apparently give access to users’ browsing habits. An anti-tracking tool baked into Apple’s Safari web browser was found to contain flaws that, if abused, could enable the very thing that the tool was designed to prevent, according to a team of Google researchers. In a recently released report, the researchers disclosed multiple … More Google: Flaws in Apple’s privacy tool could enable tracking

Remote access flaws found in popular routers, NAS devices

In almost all tested units, the researchers achieved their goal of obtaining remote root-level access. Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks. The devices ranged from units intended for the general public … More Remote access flaws found in popular routers, NAS devices

Microsoft warns of new BlueKeep‑like flaws

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10. Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by … More Microsoft warns of new BlueKeep‑like flaws

VLC player has a critical flaw – and there’s no patch yet

On the flip side, there are currently no known cases of the vulnerability being exploited in the wild. Germany’s national Computer Emergency Response Team (CERT-Bund) has issued a security advisory to alert users of VLC media player of a severe vulnerability affecting this extremely popular open-source software. “A remote, anonymous attacker can exploit the vulnerability in VLC … More VLC player has a critical flaw – and there’s no patch yet

Flaws in smart car alarms exposed 3 million cars to hijack

The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix. Two smart alarm systems for cars have plugged critical security holes that put three million vehicles globally at risk of being hijacked, research by Pen Test Partners reveals. If exploited, the vulnerabilities would have enabled anyone to turn the alarm … More Flaws in smart car alarms exposed 3 million cars to hijack