CVE-2020-12270
CVE-2020-12270 : Affects Bluezone 1.0.0 through the React Native Bluetooth Scan component. The root cause is use of insufficiently random values to generate six-character alphanumeric IDs, which could let a remote attacker interfere with COVID-19 contact tracing by issuing many IDs. Exploitation ...
CVE-2020-3888
CVE-2020-3888 affects Apple’s Web App component (iOS/iPadOS Safari/WebKit). Description: a logic issue where a malicious page could interfere with other web contexts. Root cause: improved restrictions address the logic issue. Impact: potential interference with other web contexts within Web App/W...
CVE-2020-3888
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4. A maliciously crafted page may interfere with other web contexts...
Code injection
A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (all versions), which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data...
Insulet Omnipod Insulin Management System Access Control Error Vulnerability
Insulet Omnipod Insulin Management System is an insulin management system from Insulet USA. An Access Control Error vulnerability exists in the Insulet Omnipod Insulin Management System, which arises from a failure of the wireless RF communication protocol to properly implement authentication or...
Russia Doesn't Want Bernie Sanders. It Wants Chaos
The point of Kremlin interference has always been to find democracy’s loose seams, and pull...
"Distinguished Impersonator" Information Operation That Previously Impersonated U.S. Politicians and Journalists on Social Media Leverages Fabricated U.S. Liberal Personas to Promote Iranian Interests
In May 2019, FireEye Threat Intelligence published a blog post exposing a network of English-language social media accounts that engaged in inauthentic behavior and misrepresentation that we assessed with low confidence was organized in support of Iranian political interests. Personas in that...
Donald Trump Now Has the Senate GOP's Blessing to Undermine Democracy
After making it through a criminal investigation and political impeachment unscathed, Trump now has free rein to invite election interference and more...
Deepfakes laws and proposals flood US
In a rare example of legislative haste, roughly one dozen state and federal bills were introduced in the past 12 months to regulate deepfakes, the relatively modern technology that some fear could upend democracy. Though the federal proposals have yet to move forward, the state bills have found...
FBI Plans to Inform States of Election Breaches
The FBI has changed its policy around election cybersecurity and said it will now notify state officials in the event that local election systems are hacked. The move—revealed in a media briefing Thursday and then published online later that day—extends the number of election officials who are...
Deepfakes and LinkedIn: malign interference campaigns
Deepfakes haven't quite lost the power to surprise, but given their wholesale media saturation in the last year or so, there’s a sneaking suspicion in some quarters that they may have missed the bus. When people throw a fake Boris Johnson or Jeremy Corbyn online these days, the response seems to ...
CVE-2012-6070
Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may allow remote attackers to interfere with security checks...
Iran-linked Hackers Target Trump 2020 Campaign, Microsoft says
A group of hackers tied to Iran has been attempting to break into accounts associated with the 2020 reelection campaign of President Trump, researchers have discovered. Researchers from the Microsoft Threat Intelligence Center said they first observed activity from a group called Phosphorus in...
Trump’s Ukraine Mess Feels a Little Too Familiar
The unfolding drama ties two key threads of the Trump era: foreign interference in US elections and the president's distrust of his own intel agencies...
A week in security (September 9 – 15)
Last week on the Labs blog, we looked at free VPN offerings, how malware can hinder vital emergency services, and explored how the Heartbleed vulnerability is still causing problems. We also talked about a large FTC settlement involving Google, and how to keep an eye out for leaky AWS buckets...
CVE-2019-16214
Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author can enter the // sequence which introduces a...
Let's Destroy Democracy
Election security through an adversary's eyes. By Matt Olney. Executive summary: Over the past few years, Cisco Talos has increasingly been involved in election security research and support, most recently supporting the Security Service of Ukraine in their efforts to secure the two Ukrainian...
Building Resilience to Foreign Interference, Misinformation Activities
As part of the effort to Protect2020, the Cybersecurity and Infrastructure Security Agency (CISA) is working with national partners to build resilience to foreign interference, particularly information activities (e.g., disinformation, misinformation). The Department of Homeland Security (DHS) views...
Of hoodies and headphones: a spotlight on risks surrounding audio output devices
More than a decade ago, cardiologists from the Beth Israel Medical Center in Boston presented their findings at the American Heart Association (AHA) Scientific Sessions 2008 about MP3 headphones causing disruptions with heart devices—such as the pacemaker and the implantable cardioverter...
Design/Logic Flaw
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...