BitTorrent hacked | Breaking Cybersecurity News | The Hacker News

A critical vulnerability has been discovered in the widely used Transmission BitTorrent app that could allow hackers to remotely execute malicious code on BitTorrent users' computers and take control of them. The vulnerability has been uncovered by Google's Project Zero vulnerability reporting team, and one of its researchers Tavis Ormandy has also posted a proof-of-concept attack—just 40 days after the initial report. Usually, Project Zero team discloses vulnerabilities either after 90 days of reporting them to the affected vendors or until the vendor has released a patch. However, in this case, the Project Zero researchers disclosed the vulnerability 50 days prior to the actual time limit because Transmission developers failed to apply a ready-made patch provided by the researchers over a month ago. "I'm finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that ...

If you are a torrent lover and have registered on  BitTorrent community forum website, then you may have had your personal details compromised, along with your hashed passwords. The BitTorrent team has announced that its community forums have been hacked, which exposed private information of hundreds of thousands of its users. As of now, BitTorrent is the most visited torrent client around the world with more than 150 Million monthly active users. Besides this, BitTorrent also has a dedicated community forum that has over hundreds of thousands of registered members with tens of thousands of daily visitors. A recent security alert by the team says the forum database has been compromised by hackers who were able to get their hands on its users' passwords, warning its users to update their passwords as soon as possible. The vulnerability is believed to be originated at one of its vendors, who alerted the BitTorrent team about the issue ...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...