flaw
Latest
Coinbase hackers exploit multi-factor flaw to steal from 6,000 customers
Bad actors were able to steal cryptocurrency from around 6,000 Coinbase customers by exploiting a multi-factor authentication flaw.
OKCupid security flaws could have given hackers access to user accounts
Security researchers discovered vulnerabilities in OKCupid's website and dating apps.
South Korea's self-isolation app had a serious security flaw
More than 160,000 people have downloaded the app designed to help arrivals to South Korea stay in quarantine.
WhatsApp was exposing users' phone numbers in Google search
WhatsApp claims it fixed an issue that was showing users’ phone numbers in Google search results.
Qatar’s contact tracing app put over one million people’s info at risk
A security flaw in Qatar’s contact tracing app put the personal information of more than one million people at risk.
Thunderbolt flaw lets hackers steal your data in 'five minutes'
Attackers can steal data from Thunderbolt-equipped PCs or Linux computers, even if the computer is locked and the data encrypted, according to security researcher Björn Ruytenberg.
Server screw-up exposes Clearview’s facial recognition AI software
learview AI is widely seen as a privacy nightmare by the public and even privacy-challenged tech giants like Google. Now, the company has shown that it can’t even take care of its own data, according to a report from TechCrunch. It managed to expose its source code to anyone with an internet connection due to a server misconfiguration, as spotted by a security researcher at the Dubai-based firm SpiderSilk.
Boeing finds two more 737 Max software flaws
Boeing has identified two more software flaws in its 737 Max aircraft, Reuters reports. The planemaker is working to fix one issue that involves “hypothetical faults” in the flight control computer microprocessor.
Researchers discover that Intel chips have an unfixable security flaw
Security researchers have discovered another flaw in recent Intel chips that, while difficult to exploit, is completely unpatchable. The vulnerability is within Intel's Converged Security and Management Engine (CSME), a part of the chip that controls system boot-up, power levels, firmware and, most critically, cryptographic functions. Security specialists Positive Technologies have found that a tiny gap in security in that module that could allow attackers to inject malicious code and, eventually, commandeer your PC.
Boeing found another software bug on the 737 Max
Boeing is working to fix yet another software bug on its 737 Max, Bloomberg reports. The glitch involves an indicator light for the "stabilizer trim system," which helps raise and lower the plane's nose. The light was turning on when it wasn't supposed to. Boeing is already resolving the problem, and it still expects the 737 Max to resume flying by mid-2020.
Google spent a record sum rewarding researchers for hacking its products
Google is not messing around when it comes to its bug bounty program. Last year it paid out $6.5 million to researchers that reported vulnerabilities -- almost double the $3.4 million paid out in 2018. The largest single award was for $201,337, which was given to Guang Gong of Alpha Labs, who discovered a major exploit on the Pixel 3.
Boeing finds another software flaw that might delay 737 Max's return
Boeing is dealing with another 737 Max software flaw that could prevent the troubled aircraft from returning to the skies, but this time it's not a safety issue. The company has confirmed that it's fixing a flaw preventing the 737 Max's flight control computers from starting up and verifying that they're ready for flight -- in other words, the airliner couldn't even take off. A spokesperson said Boeing was "working with the FAA" on submitting the fix and was informing partners, but didn't say when the updated software would be ready.
Microsoft is patching a major Windows 10 flaw discovered by the NSA (updated)
The IT world was waiting on pins and needles today for a high-profile Microsoft Windows 10 security patch, and now we know why. The US National Security Agency (NSA) acknowledged it has discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches, as reported initially by the Washington Post. That was backed by Krebs on Security, which reported that the NSA confirmed that it did find a major vulnerability that it passed on to Microsoft.
TikTok fixed a flaw that could have exposed user accounts
TikTok has been the subject of national security concerns for some time, and now things are set to get a little more uncomfortable for the company. According to cybersecurity company Check Point, the popular app had serious vulnerabilities that could have allowed hackers to obtain personal information and manipulate user data.
Twitter flaw let a researcher match 17 million phone numbers with users (updated)
Yes, it's another Twitter security issue in the space of just a few days. Security researcher Ibrahim Balic told TechCrunch that Twitter's Android app had a flaw that allowed him to match 17 million phone numbers with their respective user accounts. While Twitter's contact upload feature doesn't allow phone number lists in sequential format, Balic discovered that he could generate phone numbers, randomize them and upload them to Twitter to learn who used a given number.
LastPass patched a bug that could have exposed your passwords
If you use LastPass to manage your passwords, now would be a good time to make sure you're running the latest version, 4.33.0. As Gizmodo reports, LastPass recently patched a bug that could have been used to compromise users' security credentials. The patch should have arrived automatically, but as a precaution, it's worth making sure you're running the September 12th update.
Massive biometric security flaw exposed more than one million fingerprints
A biometrics system used by banks, UK police and defence companies has suffered a major data breach, revealing the fingerprints of more than one million people as well as unencrypted passwords, facial recognition information and other personal data.
EA patched Origin security flaws that put millions of users at risk
EA patched flaws in its Origin platform that could have enabled hackers to hijack and exploit millions of users' accounts. The vulnerabilities were spotted by Check Point Research and CyberInt, and once exploited, they could have allowed player account takeover and identity theft. The cybersecurity companies alerted EA, which was quick to take action.
First American security flaw leaked 885 million real estate documents
First American Financial Corporation left as many as 885 million real estate documents dating as far back as 2003 exposed, according to Krebs on Security. The company, one of the largest real estate title insurance firms in the US, has already fixed the vulnerability as of Friday afternoon after the security researcher notified it of the flaw. Before the patch rolled out, however, anybody armed with a link to one of the documents hosted on its website could simply change a single digit in the URL to access somebody else's files. The documents didn't require a password or any kind of authentication.
Bird strike may have triggered software issue in second 737 Max crash
Investigators might know what triggered the software panic aboard an Ethiopian Airlines 737 Max before its fatal crash, and it could be something Boeing considered months earlier. Unnamed officials talking to the Wall Street Journal claim that US aviation overseers "increasingly believe" that a bird collision may have sent flawed sensor data, leading to the jet's anti-stall code automatically pushing the nose down. Black box recordings show that a sensor was "sheared off" or otherwise broken soon after takeoff, experts said.
