[ANN][ICO] HEROIC.com 🚀Decentralized Cybersecurity Powered by AI [PRESALE LIVE]

[ChiNgadOr]

Unpatched Ethereum clients could pose risk of 51% attack, says report

A significant number of unpatched nodes were found in popular clients such as Parity-Ethereum and Geth.
Attackers could leverage these vulnerable nodes to carry out 51 percent attacks.
Ethereum may be the second most-favorite among blockchain users but research has uncovered serious security vulnerabilities found across the platform. As per a blog published by Security Research Labs, vulnerabilities in the Ethereum ecosystem were mainly due to unpatched nodes in the network. These nodes were of popular clients such as Parity-Ethereum and Geth.

https://cyware.com/news/unpatched-ethereum-clients-could-pose-risk-of-51-attack-says-report-c866c056

[ChiNgadOr]

Over 49 Million Records Belonging to Instagram Influencers Exposed Due to Unprotected AWS bucket

The database contained public data scraped from Instagram accounts including their bio, profile picture and the number of followers.
The database also leaked private contact information of some Instagram account owners.
An unprotected AWS bucket has exposed over 49 million records of Instagram influencers on the internet. The affected individuals include celebrities, food bloggers and brand accounts.

https://cyware.com/news/over-49-million-records-belonging-to-instagram-influencers-exposed-due-to-unprotected-aws-bucket-6b94d653

[ChiNgadOr]

Another zero-day vulnerability discovered in Windows 10

A security researcher known as ‘SandboxEscaper’ revealed this new zero-day and also publoshed an exploit code.
The vulnerability could be abused by malware or by malicious actors logged into Windows 10 systems, to gain admin-level privileges.
A new zero-day vulnerability in Windows 10 has been revealed online. The vulnerability was disclosed by a bug hunter called ‘SandboxEscaper’, who had earlier exposed other Windows zero-day flaws. This recent one is a privilege escalation vulnerability, which upon successful exploitation, can allow attackers to take full control of Windows 10 systems.

[ChiNgadOr]

Mobile browsers of Chrome, Firefox, and Safari failed to warn phishing attacks for over a year

An academic research project revealed that the mobile browsers, from mid-2017 to the end of 2018, did not alert users about phishing pages.
Browsers that used the Google Safe Browsing blacklist service were the ones impacted.
It has been discovered that mobile applications of Chrome, Firefox, and Safari were not warning users of impeding phishing attacks from dangerous websites. A research project put forth by academics from Arizona State University in collaboration with PayPal unearthed the issue

https://cyware.com/news/mobile-browsers-of-chrome-firefox-and-safari-failed-to-warn-phishing-attacks-for-over-a-year-d16d013b

[ChiNgadOr]

Siemens Healthineers impacted by BlueKeep vulnerability

The impacted software products include MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo, and teamplay.
The impacted advanced therapy products include System ACOM, Sensis and VM SIS Virtual Server.
What is the issue?

Several medical products made by Siemens Healthineers are impacted by a recently patched Windows vulnerability dubbed ‘BlueKeep’.

https://cyware.com/news/siemens-healthineers-impacted-by-bluekeep-vulnerability-61fcf727

[ChiNgadOr]

Nearly one million Windows systems are vulnerable to the recently patched BlueKeep vulnerability

The flaw is described as a wormable unauthenticated remote code execution flaw in Remote Desktop Protocol (RDP) services.
The flaw has the potential to cause destructions similar to the 2017’s WannaCry, NotPetya, and Bad Rabbit ransomware attacks.
New research has revealed that nearly one million Windows PCs are vulnerable to the recently patched BlueKeep vulnerability. Earlier, it was believed that there were nearly 7.6 million Windows systems impacted by the flaw.

https://cyware.com/news/nearly-one-million-windows-systems-are-vulnerable-to-the-recently-patched-bluekeep-vulnerability-5a12082f

[ChiNgadOr]

Remote code execution flaw detected in Microsoft’s Notepad text editor

As per Project Zero’s vulnerability disclosure policy, Microsoft has to release a patch within 90 days of discovery of the flaw.
Failing to release a patch within the given timeline, will result in the disclosure of technical details of the flaw.
Microsoft’s Notepad text editor has been found to be vulnerable to a newly discovered remote code execution flaw.

https://cyware.com/news/remote-code-execution-flaw-detected-in-microsofts-notepad-text-editor-453ad196

[ChiNgadOr]

Over 2.3 billion sensitive business data were exposed online in the last 12 months

This is a 50% increase when compared to the 1.5 billion files exposed during 2017-18.
The United States exposed the most data, accounting for over 326 million files.
Misconfigured online file storage technologies have exposed more than 2.3 billion corporate files in the last 12 months. This is an increase of 50% when compared to the 1.5 billion files exposed during 2017-18.

https://cyware.com/news/over-23-billion-sensitive-business-data-were-exposed-online-in-the-last-12-months-7eb85f56

[ChiNgadOr]

Weare Police Department stolen data found for sale on the dark web

In a statement, town official disclosed that it was the victim of a malware attack launched between March 6-13, 2017.

The files that were set for sale were labeled ‘sex offender registration’, ‘payroll’ and ‘Chief Kelly employment agreement’.

https://cyware.com/news/weare-police-department-stolen-data-found-for-sale-on-the-dark-web-dc544d25