Cybersecurity researchers at Morphisec recently discovered a critical RCE vulnerability in VMware Workspace ONE Access that is being actively exploited by advanced hackers. The flaw is tracked as CVE-2022-22954. By exploiting CVE-2022-22954, attackers are able to gain initial access to the network environment.
Since App Tracking Transparency was introduced last year with iOS 14.5, every iPhone and iPad app now has to ask users whether they want to be tracked or not. However, some developers have figured out new ways to keep tracking iOS users even when they opt out of being tracked by third-party apps. A new […]
Spyware is installed after a WhatsApp message or iMessage on the phones of politicians, lawyers, and activists in order to learn what they are saying, hearing, chatting about, searching for, etc. All types of governments are buying such spying software, but how can it be prevented from being used in the wrong way?
The Hungarian Data Protection Authority has recently published its annual report in which it presented a case where the Authority imposed the highest fine to date of ca. EUR 670,000 (HUF 250 million). The case involved the personal data processing of a bank (acting as a data controller) which automatically analyzed the recorded audio of […]
Legoland Germany has leaked the data of thousands of customers via an IDOR vulnerability. Just adjusting a number in a URL was enough to download reservation data dating back to 2015. This includes the period of stay, the names and addresses of customers who made the reservation for Legoland, as well as the people who were with […]
The developers behind the speed camera app Speedcam Everywhere have come under fire from British users, who say the app leads to a surveillance state. The app turns smartphone users into a kind of walking speed camera. When users see or hear a car coming, they start the app and film the vehicle. The app […]
Palo Alto Networks warned customers yesterday that some of its firewall, VPN, and XDR products are vulnerable to a high-severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched software. Even though the OpenSSL […]
Attackers send phishing emails with a (non-)password-protected PDF purporting to be a faxed document or a convincingly spoofed Microsoft OneDrive page. The automated email security scanner must extract the destination URL from a PDF document and solve the CAPTCHA. These conditions prevent email security scanners from detecting phishing URLs in attachments, or provide attachment previews allowing […]
Apple has not yet fixed zero-day exploits on macOS, leaving many Mac computers, especially those running macOS Big Sur and macOS Catalina, vulnerable, according to a new report. Two of the active zero-days Apple tackled include CVE-2022-22674 and CVE-2022-22675. The first exploit (CVE-2022-22674) is a ‘write bug’ that can allow malicious apps to execute arbitrary code. While […]