Posts

Microsoft Information Disclosure Vulnerability

Information Disclosure Vulnerability in Microsoft Open Enclave SDK (CVE-2019-1370)
Overview: A vulnerability has been reported in Microsoft Open Enclave SDK which could lead to disclosure of sensitive information in the context of the current user.
Description: An information disclosure vulnerability exists in Microsoft Open Enclave SDK due to improper handling of objects in memory. An attacker could exploit this vulnerability by compromising the host application running the enclave. Successful exploitation of this vulnerability could allow an attacker to obtain information stored in the enclave.

FIRE-CHAT APP--> Chat without internet

The app was first introduced in March 2014 for iPhones, followed on April 3 by a version for Android devices. In July 2015, Fire-Chat introduced private messaging. Until then, it had only been possible to post messages to public chatrooms. In May 2016, Fire-Chat introduced Fire-Chat Alerts to allow users to send push alerts during a specific time and place. This feature was aimed at aid workers doing disaster relief and was developed from a partnership with Marikina, a city in the Philippines. Fire-Chat first became popular in 2014 in Iraq following government restrictions on internet use, and thereafter during the 2014 Hong Kong protests. In 2015, Fire-Chat was also promoted by protesters during the 2015 Ecuadorian protests. On September 11, 2015, during the pro-independence demonstration called Free Way to the Catalan Republic, Fire-Chat was used 131,000 times. Fire-Chat is a proprietary mobile app, developed by Open Garden, which uses wireless mesh netwo...

Multiple Vulnerabilities in Intel Products

Multiple vulnerabilities have been reported in Intel products which could allow a local attacker to escalate privileges, cause denial of service (DoS) conditions or access sensitive information on a targeted system.
Description
1. Escalation of Privilege Vulnerability in Intel RST (CVE-2019-14568): This vulnerability exists in the Intel Rapid Storage Technology (RST) due to improper handling of permissions by the affected software. An authenticated attacker could exploit this vulnerability through local access to the system. Successful exploitation of this vulnerability could allow the attacker to get escalated privileges on the targeted system.
2. Vulnerability in multiple Intel Processors (CVE-2019-14607): This vulnerability exists in multiple Intel Processors due to improper checking of conditions by the firmware. An attacker could exploit these vulnerabilities through local access to the targeted system. Successful exploitat...

Apple Opens Its Invite-Only Bug Bounty Program

Apple is launching a bug bounty program for bug hunters to show their skills in the field and get rewarded for it. Researchers can report vulnerabilities in any Apple product, such as iOS, macOS, watchOS, tvOS, iPadOS, and iCloud, to the company. Since its launch three years ago, Apple's bug bounty program was open only to selected security researchers by invitation, and rewards were offered only for reporting vulnerabilities in the iOS mobile operating system. However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple, announced the company's upcoming extended bug bounty program, which included three main highlights: an enormous increase in the maximum reward from $200,000 to $1.5 million, accepting bug reports for all of its operating systems and latest hardware, and opening the program to all researchers. Even after submitting a valid security bug, researchers need to follow some ...

IBM Cloud Park System Cross Site Script Vulnerability

This vulnerability exists because IBM Cloud Park System fails to properly sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the browser of an affected system. Successful exploitation of this vulnerability could allow the attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

Google Crashed!!!!!

When Google 'crashed' on asking this iPhone question
A funny bug was reported yesterday (December 19) by Android smartphone users where if they wanted to search “what is iMessage” on Google, the app simply crashed. We tried it on four different Android smartphones — Samsung Galaxy Note 10+, Asus ROG Phone II, OnePlus 7 Pro and Xiaomi Mi A3 — and just couldn’t ask about this popular iPhone feature on Google Search. However, it did appear that Google had fixed the bug as after a couple of hours, we were able to search for “what is iMessage” on Android smartphones. This issue wasn’t restricted to India alone, it seems. According to a report by Android Authority, Reddit users also pointed out the issue on their Android smartphones. A Reddit user who was facing the ‘issue’ explained it on the forum, “From my little 30-min testing, this is what I made out. This (the app crash) happens due to some internal function conflict between Google app's "web search" ...

Most Common Passwords Found From Breaches

Here are the Most Common Passwords Found From Breaches in 2019
Researchers analyzed data leaked in various data breaches to bring this study forward. Passwords ‘12345,’ ‘123456,’ and ‘123456789’ were the most common passwords, followed by ‘test1’ and, of course, the password ‘password’. A group of independent anonymous researchers compiled a list of the 200 most popular passwords that were leaked in data breaches during 2019 and shared it with security firm NordPass. The notorious Collections #1-5 breaches alone exposed 3 billion records. Weak password logic also included strings of letters forming a horizontal or vertical line on the keyboard, such as asdfghjkl, qazwsx, 1qaz2wsx, etc. The most obvious, ‘password’, remained popular with 830,846 people still using it. Passwords containing popular female names included Nicole, Jessica, Hannah, etc....