Talking watch over-shares, spray and pray attack, Uniguest flawed, and more.


Hi, I’m Paul Torgersen. It’s Friday, July
12th, 2019 and this is a look at the information security news from overnight. From TechCrunch.com:
The Apple Watch Walkie Talkie app has been disabled due to an unspecified vulnerability
that could allow a person to listen to another customer’s iPhone without consent. Apple
has apologized for the bug and for the inconvenience while a fix is being worked on. From ZDNet.com:
Some Magecart groups are moving from targeted attacks to a “spray-and-pray” approach, hacking
any vulnerable AWS S3 server in their sight. Over the past few months they have managed
to infect over 17,000 domains. More details, including a link to the RiskIQ report on ZDNet. From SecurityWeek.com:
SAP released 11 Security Notes as part of the July Patch Day. These include a 9.1 severity
bug in their Diagnostic agent, and an 8.9 severity bug in the Test Modules of NetWeaver
Process Integration. Get your patch on kids. From HelpNetSecurity.com
Researchers have found critical vulnerabilities in the Citrix SD-WAN, and their SD-WAN Center,
some of the most widely used SD-WAN solutions out there. The vulnerabilities can be easily
exploited remotely by an outside attacker. Tenable has even published Proof of Concept
exploit code for some of them. Patches are available. And from BleepingComputer.com:
Researchers found that an application called SystemSleuth available on an unsecured website
could allow attackers to compromise consumer-facing Uniguest kiosks. The kiosks are locked down
Windows computers used in the hospitality, senior living, specialty retail, education,
and corporate sectors for customers to browse the web, print tickets, or purchase merchandise
from the local vendor. And that’s all for me this week. Have a
great weekend, I know I will, and until Monday, be safe out there.

, , , , , , , , , , , , , , , , , , ,

Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *