BayPay Members Blogs

This additional resource is sponsored by The BayPay Forum.

Facebook Stored Passwords of Hundreds of Millions Users in Plain Text

Facebook today admitted to have stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users.  The social platform...

How Three of 2018's Critical Threats Used Email to Execute Attacks

History Tends to Repeat Itself - Attackers Repurpose Tried and Tested Methods to Launch Attacks. Research by The Radicati Group shows that email remains the most ubiquitous form of business communications,...

Multiple Vulnerabilities Patched in PuTTY and LibSSH2

PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version...

Facebook Pays Big Bounty for DoS Flaw in Fizz TLS Library

While Facebook’s bug bounty program does not typically cover denial-of-service (DoS) vulnerabilities, the social media giant has decided to award a significant bounty for a serious flaw affecting Fizz, its open...

FIN7 Hackers Use New Malware in Recent Attacks

The financially-motivated hacking group FIN7 has used new malware samples in a recent attack campaign, Flashpoint security researchers warn.  Operating since at least 2015, the cybercrime gang has been mainly focused...

Finland to Investigate Suspected Nokia Chinese Data Breach

Finnish authorities will launch an investigation into claims that Nokia phones have been transmitting users' personal data to China, the country's data protection ombudsman announced on Thursday. "Based on our initial...

Securing Industrial IoT in the Modern World

Manufacturing arguably offers the largest attack surface of almost any industry with regards to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware, data-theft –...

Many Vulnerabilities Found in Oracle's Java Card Technology

Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this...

Schneider Electric Working on Patch for Flaw in Triconex TriStation Emulator

A serious denial-of-service (DoS) vulnerability has been found in Schneider Electric’s Triconex TriStation Emulator software. The vendor has yet to release a patch, but assured customers that the flaw does not...

The ‘Katz’ Out of the Bag: Catching Mimikatz With Anomaly Detection

Mimikatz Has Become a Lethal Weapon for Attackers Seeking to Move Laterally Inside Corporate and Government Networks. The origin story of Mimikatz — a post-exploitation module that has enabled criminals to...

Apple, Oracle, VMware Software Hacked at Pwn2Own 2019

Apple’s Safari web browser and the Oracle VirtualBox and VMware Workstation virtualization products were hacked on the first day of the Pwn2Own 2019 hacking competition, earning researchers a total of $240,000...

Researchers Use UPnP Protocol to Unmask IPv6 Address

Cisco Talos security researchers were able to leverage properties of the Universal Plug and Play (UPnP) protocol to unmask the IPv6 address of specific IPv4 hosts. Comparative scans of discovered hosts...

Windows Hello Support Added to Firefox 66

Mozilla this week released Firefox 66 with support for Windows Hello for Web Authentication on Windows 10, as well as with patches for 21 vulnerabilities.  The newly added support for Windows...

Multiple Vulnerabilities Fixed in CUJO Smart Firewall

Vulnerabilities recently addressed by CUJO AI in the CUJO Smart Firewall could be exploited to take over the device, Cisco Talos security researchers reveal.  Based on a Linux-based operating system running a kernel...

Authentication Bypass Vulnerability Found in SoftNAS Cloud

A security firm's Vulnerability Research Team (VRT) found and reported a vulnerability in SoftNAS Cloud data storage. SoftNAS fixed the vulnerability last week, and details of the vulnerability are now being...

Vulnerability in NSA's Reverse Engineering Tool Allows Remote Code Execution

A vulnerability in Ghidra, the generic disassembler and decompiler released by the National Security Agency (NSA) in early March, could be exploited to execute code remotely, researchers say. The flaw,...

Man Pleads Guilty Over $100M BEC Scheme Targeting Google, Facebook

A 50-year-old Lithuanian citizen has pleaded guilty over his role in a business email compromise (BEC) scheme in which Google and Facebook employees were tricked into wiring a total of more...

Google Photos Flaw Allowed Hackers to Track Users

Google recently patched a vulnerability in its Photos service that could have been exploited via browser-based timing attacks to track users, Imperva revealed on Wednesday. Google Photos allows users to store,...

European Government Websites Are Delivering Tracking Cookies to Visitors

Governments within the European Union appear to be flouting their own GDPR laws. Many official government websites are harboring and delivering tracking cookies from the ad tech industry even though they...

Norsk Hydro Restoring Systems, But Not Paying Ransom

Norwegian metals and energy giant Norsk Hydro is working on restoring systems after being hit by ransomware, but the company says it does not plan on paying the hackers. Norsk...