The Daily Swig

Security Vulnerability in Facebook’s Messenger Rooms Could Expose Users’ Private Photos and Videos

A security vulnerability in Facebook’s Messenger Rooms video chat feature meant attackers could access a victim’s private Facebook photos and videos, and submit posts, via their locked Android screen.

SIP protocol abused to trigger XSS attacks via VoIP call monitoring software

The vulnerability could lead to the exfiltration of data and traffic, the hijack of other administrator accounts, and the deployment of malware such as keyloggers, backdoors, and more.

US government launches first VDP for federal civilian agencies

The US Cybersecurity and Infrastructure Security Agency (CISA) has launched its first federal civilian security vulnerability disclosure program (VDP) in partnership with Bugcrowd.

Dual vulnerability combo in popular CMS Joomla could lead to full system compromise

Security researchers have revealed the details of two vulnerabilities in Joomla – the popular content management system – which, if chained together, could be used to achieve full system compromise.

Organizations without vulnerability disclosure policies failing to address researchers’ security warnings

Up to a third of all security flaws reported to organizations with no vulnerability disclosure policy (VDP) are not being patched due to failings in the disclosure process, a new report suggests.

Security vulnerability in Hyperkitty could expose private data

Hyperkitty, a web interface for the popular open source mailing list and newsletter management service Mailman, has patched a critical bug that revealed private mailing lists while importing them.

Critical zero-day vulnerabilities found in ‘unsupported’ Fedena school management software

Fedena, an open-source school and college management system, contains seven security vulnerabilities, including two critical vulnerabilities that can be exploited without authentication.

Apache Pulsar bug allowed account takeovers in certain configurations

The bug was initially reported as high severity. But Sijie Guo, a member of the Apache Pulsar Project Management Committee (PMC), told The Daily Swig that the real-world impact of the bug is minimal.

Gaming mod development platform Overwolf fixes bug that could allow RCE via chained exploit

Unauthenticated attackers can achieve RCE on vulnerable clients by combining a reflected cross-site scripting (XSS) bug with a Chromium Embedded Framework (CEF) sandbox escape.

EPUB Vulnerabilities in Electronic Reading Systems Lead to Risk of User Data Exposure

The EPUB format relies primarily on XHTML and CSS to construct e-books, with browser engines often used to render their contents, which leads to browser-like vulnerabilities.
