This Week in Cyber Security News, Aug 22 - 28, 2018

Cyber Security News highlights this week

  • Security experts warned of possible attacks after the critical remote code execution vulnerability CVE-2018-11776 in Apache Struts 2 was published on GitHub
  • Researchers revealed that millions of Android mobile devices from 11 vendors are vulnerable to attacks carried out using AT commands
  • Security experts devised a rogue USB charging cable named USBHarpoon that could be used to hack a computer in just a few seconds
  • T-Mobile suffered a security breach that may have exposed the personal information of up to 2 million T-Mobile customers
  • The Fortnite Android application has a vulnerability that allows hackers to install malware
  • Facebook patched a serious security vulnerability that permitted the remote execution of code by threat actors
  • Facebook removed its VPN app from the Apple store after receiving complaints of data privacy violations

In-Short Overview:

The remote code execution vulnerability CVE-2018-11776 in Apache Struts affects Struts 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and potentially unsupported versions of the popular Java framework. Experts warned that attacks exploiting this flaw are possible.

Read More: Experts warned the possibility of attack after vulnerability CVE-2018-11776 of Apache Struts 2 published on GitHub (Security Affairs, Aug 27, 2018)

A team of security researchers discovered that millions of Android mobile devices from 11 vendors are vulnerable to attacks carried out through AT (ATtention) commands. AT commands are a collection of short-string commands that were developed in the early 1980s and were designed to be transmitted via phone lines and to control modems.

Read More: Smartphones from 11 vendors are vulnerable to attacks through AT commands (Threat Post, Aug 27, 2018)

USBHarpoon, which looks like a charging cable, can hack your computer. The cable was modified to allow both data and power to pass through, so it is impossible for a victim to notice any suspicious behaviour.

Read More: USBHarpoon looks like charging cable that can hack into your computer (Latest Hacking News, Aug 27, 2018)

On 20 August, T-Mobile suffered a security breach that exposed the personal information of up to 2 million T-Mobile customers. The attackers managed to access T-Mobile servers through an API. The leaked information comprised customers' names, billing zip codes, phone numbers, email addresses and account numbers.

Read More: T-Mobile suffered a security breach that may have exposed the personal information of up to 2 million T-Mobile customers (The Hacker News, Aug 23, 2018)

The Fortnite Android application is vulnerable to a Man-in-the-Disk attack that could allow hackers to install malware.

Read More: Critical Flaw in Fortnite Android App Lets Hackers Install Malware (The Hacker News, Aug 26, 2018)

Facebook patched serious server security flaws that permitted the remote execution of code by threat actors.

Read More: Facebook patched serious critical server remote code execution vulnerability (ZDNet, Aug 28, 2018)

Facebook removed its free mobile VPN app Onavo from the Apple store after receiving complaints of data privacy violations.

Read More: Facebook removed VPN app from Apple store (SC Magazine, Aug 27, 2018)