Weekly News Digest #21

Adobe Vulnerability Hovers Over Windows Users

Windows users have been protected from a critical Adobe flaw that hackers were benefiting from.

In its Tuesday notification, Adobe mentioned that the vulnerability (CVE-2021-21017) has been used in “limited attacks”.

This kind of error occurs when memory holding dynamically allocated variables is overrun. When a buffer overflow happens, the program behaves incorrectly.

The weakness could allow arbitrary code execution on affected systems.


TikTok Barely Avoided Phishing Attacks

The extremely popular video-sharing platform TikTok turned out to be vulnerable to hacker attacks. Many users could have suffered exposure of their phone numbers and unique user IDs, as well as phishing attacks.

TikTok is owned by ByteDance and attracts more than 800 million active users all over the world. The weak point was instantly fixed. The vulnerability was found in the “Find Friends” feature, which allows users to find and join their friends in the community.

To carry out a DDoS attack, the hacker would have to bypass the HTTP message signing mechanism, which is meant to assure the security of the app. The mechanism prevents attackers from forging HTTP messages or modifying the body of an HTTP request.


SIM-Swap Black Hat Hackers Robbed Americans of $100M

A gang of SIM-swapping cybercriminals was caught red-handed. The swindlers stole more than $100 million from American stars and their families all over Europe.

Europol reports that the police have already managed to catch eight people in addition to individuals in Belgium and Malta. However, some suspects are still on the loose.

A SIM-swapping attack relies on stolen or phished personal data. The most important piece is the mobile phone number, which lets cybercriminals impersonate a target. Swindlers gather the disclosed information, contact the victim’s mobile carrier, and request that the line be ported to a different SIM card or device that they control. From then on, all of the victim’s calls and texts are routed to the black hat hackers.


Wall Street Punishments Will Be Reduced Due To Investor Data Breach ‘Fatigue’

According to new research, Wall Street traders’ reaction to cybersecurity incidents and data leaks has frozen.

Striving to improve business operations, customer relationships, and management, Wall Street failed to protect data and maintain cybersecurity. Consequently, companies are still struggling with enormous risks to their share prices.

IBM reported that the damage reaches $3.86 million, and this is not the limit. In the case of major security incidents, recovering from a breach could cost as much as $392 million.


10-Year-Old macOS Bug Will Be Fixed

A critical sudo vulnerability in macOS Big Sur, Catalina, and Mojave will finally be fixed. Apple released a fix for the bug, which allowed unauthenticated local users to gain root-level privileges on the system.

Apple security reported that a local attacker could have benefited from the bug. This issue was eliminated by updating to sudo version 1.9.5p2.

Built into most Unix and Linux systems, the sudo utility lets a user without security privileges run a program with the credentials of another user.

Tracked as CVE-2021-3156 (also called “Baron Samedit”), the vulnerability was first revealed last month, when security auditing firm Qualys disclosed the existence of a heap-based buffer overflow that had been “hiding in plain sight” for almost 10 years.
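A first-pass check for the fix described above, as an added example that is not from the original digest, Apple or Qualys: it compares the version on the first line of `sudo -V` output against 1.9.5p2. The function names and sample lines are constructed for illustration, and the script assumes versions of the form 1.9.5 or 1.9.5p2.

```sh
#!/bin/sh
# Added example (not from the article): flag sudo builds older than the
# fixed release named above. Assumes versions look like 1.9.5 or 1.9.5p2.
FIXED_SUDO="1.9.5p2"

# Print "MAJOR MINOR PATCH PLEVEL" for a version; status 1 if unparsable.
parse_sudo_version() {
    v=$1
    plevel=0
    case $v in
        *p*) plevel=${v#*p}; v=${v%%p*} ;;
    esac
    case $plevel in ''|*[!0-9]*) return 1 ;; esac
    case $v in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ $# -le 3 ] || return 1
    echo "${1:-0} ${2:-0} ${3:-0} $plevel"
}

# Status 0 if version $1 is older than version $2, 1 if not, 2 if unparsable.
sudo_version_lt() {
    a=$(parse_sudo_version "$1") || return 2
    b=$(parse_sudo_version "$2") || return 2
    set -- $a $b
    if   [ "$1" -ne "$5" ]; then [ "$1" -lt "$5" ]
    elif [ "$2" -ne "$6" ]; then [ "$2" -lt "$6" ]
    elif [ "$3" -ne "$7" ]; then [ "$3" -lt "$7" ]
    else [ "$4" -lt "$8" ]
    fi
}

# Classify the first line of `sudo -V` output: outdated, patched or unknown.
sudo_status() {
    ver=${1#"Sudo version "}
    rc=0
    sudo_version_lt "$ver" "$FIXED_SUDO" || rc=$?
    case $rc in
        0) echo outdated ;;
        1) echo patched ;;
        *) echo unknown ;;
    esac
}

# Constructed sample lines; on a live host pass "$(sudo -V | head -n 1)".
for line in "Sudo version 1.8.31" "Sudo version 1.9.5p1" \
            "Sudo version 1.9.5p2" "Sudo version 1.9.6rc1"; do
    printf '%-22s %s\n' "$line" "$(sudo_status "$line")"
done
```

Vendors that backport fixes may keep an older version number, so treat "outdated" as a prompt to check the vendor's advisory, not as proof of exposure.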

