Search results for Verizon security vulnerability | Breaking Cybersecurity News | The Hacker News

A critical vulnerability discovered in Verizon 's FiOS mobile application allowed an attacker to access the email account of any Verizon customer with relative ease, leaving almost five million user accounts of Verizon's FiOS application at risk. The FiOS API flaw was discovered by XDA senior software developer Randy Westergren on January 14, 2015, when he found that it was possible to not only read the contents of other users' inboxes, but also send message on their behalf. The issue was discovered while analyzing traffic generated by the Android version of My FiOS , which is used for account management, email and scheduling video recordings. Westergren took time to put together a proof-of-concept showing serious cause for concern, and then reported it to Verizon. The telecom giant acknowledged the researcher of the notification the same day and issued a fix on Friday, just two days after the vulnerability was disclosed. That's precisely how it shou...

Cybersecurity today matters so much because of everyone's dependence on technology, from collaboration, communication and collecting data to e-commerce and entertainment. Every organisation that needs to deliver services to their customers and employees must protect their IT 'network' - all the apps and connected devices from laptops and desktops to servers and smartphones. While traditionally, these would all live on one "corporate network," - networks today are often just made up of the devices themselves, and how they're connected: across the internet, sometimes via VPNs, to the homes and cafes people work from, to the cloud and data centres where services live. So what threats does this modern network face? Let's look at them in more detail. #1 Misconfiguration According to recent research by  Verizon , misconfiguration errors and misuse now make up 14% of breaches. Misconfiguration errors occur when configuring a system or application so that it...

The RSA Conference , the world's leading information security conference and exposition, held its 29th annual event in San Francisco last week. According to the organizers, over 36,000 attendees, 704 speakers, and 658 exhibitors gathered at the Moscone Center to discuss privacy, Machine Learning, and AI, policy and government, applied crypto and blockchain, and, new for the RSA Conference 2020, open source tools, product security and anti-fraud. Despite several large vendors including Verizon and IBM canceling their presence in light of the spiraling panic around coronavirus, the event was one of the brightest and innovative, according to numerous stakeholders expressing their excitement in the media and on social networks. We decided to gather some feedback from the attendees, journalists, and security experts involved in RSA 2020 to understand the most recent cybersecurity trends after this milestone event. Below is our selection of 10 most innovative cybersecurity com...

When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort?  Unfortunately, when it comes to cyber security, size doesn't matter.  Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. Few small businesses prioritise cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees.  Cyber security doesn't need to be difficult Securing any business doesn't need to be complex or come with a hefty price tag. Here are seven simple tips to help the smaller business secure their systems, people and data. 1 — Install anti-virus software everywhere Every organisation has anti-vi...

If you are thinking about performing a penetration test on your organization, you might be interested in learning about the different types of tests available. With that knowledge, you'll be better equipped to define the scope for your project, hire the right expert and, ultimately, achieve your security objectives. What is penetration testing? Penetration testing, commonly referred to as "pen testing," is a technique that simulates real-life attacks on your IT systems to find weaknesses that could be exploited by hackers. Whether to comply with security regulations such as ISO 27001, gain customer and 3rd party trust, or achieve your own peace of mind, penetration testing is an effective method used by modern organizations to strengthen their cyber security posture and prevent data breaches.  Read about the different types of penetration testing to find out which type you can benefit from the most: Network penetration testing As the name suggests, a network penetra...

Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the factory floor has accelerated the connection of machinery to digital systems and data. Computer systems for managing and monitoring digital systems and data have been added to the hardware and software used for managing and monitoring industrial devices and machines, connecting OT to IT. Such connectivity enhances productivity, reduces operational costs and speeds up processes. However, this convergence has also increased organizations' security risk, making manufacturers more susceptible to attacks. In fact, in 2022 alone, there were 2,337 security breaches of manufacturing systems, 338 with confirmed data disclosure (Verizon, 2022 DBIR Report).  Ransomware: A Growing Threat for Manufacturers The nature of attacks has also changed. In the past, attackers may have been espionage-driven, targeting...

A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used to stage nefarious attacks and deliver various kinds of malware. The issue manifests in the form of a pre-installed Android app called "Showcase.apk" that comes with excessive system privileges, including the ability to remotely execute code and install arbitrary packages on the device, according to mobile security firm iVerify. "The application downloads a configuration file over an unsecure connection and can be manipulated to execute code at the system level," it said in an analysis published jointly with Palantir Technologies and Trail of Bits. "The application retrieves the configuration file from a single U.S.-based, AWS-hosted domain over unsecured HTTP, which leaves the configuration vulnerable and can make the device vulnerable." The app in question is called Verizon Retail Demo Mode ("com.customermob...

Code injection attacks, the infamous king of vulnerabilities, have lost the top spot to broken access control as the worst of the worst, and developers need to take notice. In this increasingly chaotic world, there have always been a few constants that people could reliably count on: The sun will rise in the morning and set again at night, Mario will always be cooler than Sonic the Hedgehog, and code injection attacks will always occupy the top spot on the Open Web Application Security Project (OWASP) list of the  top ten most common  and dangerous vulnerabilities that attackers are actively exploiting. Well, the sun will rise tomorrow, and Mario still has "one-up" on Sonic, but code injection attacks have fallen out of the number one spot on the infamous OWASP list, refreshed in 2021. One of the oldest forms of attacks,  code injection vulnerabilities  have been around almost as long as computer networking. The blanket vulnerability is responsible for a wide rang...

In Brief The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible. The Smartphone patch update mechanism is broken, and someone has to fix it. Most smartphone models are not receiving available security patches, and the risk of vulnerabilities , malware infections , and data loss are leaving consumers vulnerable to attacks and putting businesses and corporate networks at risk. The United States federal regulators want to know how and when mobile phone manufacturers and cell phone carriers release security updates to assure its users' security, amid mounting concerns over security vulnerabilities. The Federal Communications Commission (FCC) in partnership with the Federal Trade Commission (FTC) have launched its own, parallel inquiry into mobile devic...

More than 600 Million users of Samsung Galaxy smartphones, including the newly released Galaxy S6, are potentially vulnerable to a software bug that allows hackers to secretly monitor the phone's camera and microphone, read text messages and install malicious apps. The vulnerability is due to a problem with the Samsung built-in keyboard app that enables easier predictive text. One of the keyboard app version, SwiftKey IME , that comes prepackaged with Samsung's latest Galaxy smartphones could allow a malicious hacker to remotely execute code on user's phone even when if they are not using the keyboard app. Users cannot get rid of this Flaw The app cannot be uninstalled or disabled by the users of the Samsung smartphone devices, so it is up to Samsung to fix the critical bug. The vulnerability was discovered by NowSecure mobile security researcher Ryan Welton, who notified Samsung about the bug in December last year. The keyboard app periodic...

Today's security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On top of that, today's attackers are indiscriminate and every business - big or small - needs to be prepared. It is no longer enough for security teams to  detect and respond ; we must now also  predict and prevent . To handle today's security environment, defenders need to be agile and innovative. In short, we need to start thinking like a hacker.  Taking the mindset of an opportunistic threat actor allows you to not only gain a better understanding of potentially exploitable pathways, but also to more effectively prioritize your remediation efforts. It also helps you move past potentially harm...