Follow the latest infoSec / cyber security news, reported bugs, flaws, breaches and vulnerabilities. Inspect InfoSec is a security hub that provides vulnerability assessment, penetration testing for web and mobile applications. We also provide information security / cyber security news, blogs, guides and tutorials.
Multiple Flaws in Remote Desktop Protocol allows to attack RDP clients A research firm Check Point, has disclosed multiple flaws in the Remote Desktop Protocol. These vulnerabilities could allow compromised or infected machines to attack the RDP clients that remotely connect to them. Remote Desktop Protocol (RDP) is usually considered Read more…
Elevated privilege flaw in its Microsoft Exchange Server Elevated privilege flaw in Microsoft Exchange server would allow a remote attacker to impersonate an administrator. According to Microsoft security advisory number ADV190007, An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt Read more…
Critical Bug in the Apple MacOS KeyChain A new Apple zero-day vulnerability for MacOS allow an attacker to extract passwords from a targeted Mac’s Keychain password management system. According to a security researcher Linus Henze, the central Keychain of Apple macOS has a critical flaw. It allows a manipulated app Read more…
“SpeakUp” Backdoor trojan targeting Linux and Mac A malware named ‘SpeakUp’ is exploiting the Linux servers and Mac devices in a new crypto-mining campaign. According to Check Point, Malware insert a backdoor Trojan by exploiting known vulnerabilities in six different Linux distributions. They further said that the crypto-mining campaign is gaining Read more…
Potential cyber-security attack on DNS infrastructure: U.S. Warning The U.S. government is warning of a potentially disastrous cyber-security attack targeting DNS infrastructure. Department of Homeland Security (DHS) has not publicly disclosed which agencies have been impacted by the DNS hijacking campaign. Several cyber-security firms including FireEye and Cisco Talos have Read more…
Critical Vulnerability in wide deployed Cisco Small Business Switches According to Cisco Security Advisory, A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability (CVE-2018-15439), which has a critical base CVSS 2.0 security Read more…
Millions of Gov Files Exposed by Open Server Server was left open for at least a week and exposes sensitive information including FBI investigations to patient’s health related data. Millions of government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least Read more…
Critical Vulnerability in ES File Explorer A highly critical vulnerability in ES file explorer is reported by a french researcher. According to Elliot Alderson, ES File Explorer has vulnerability which would allow a hacker to access sensitive information on your device. ES File Explorer has over 100 million installs on Read more…
High-Severity Bugs in Web Hosting providers Paulos Yibelo, a well-known and respected bug hunter and researcher has found, reported and now disclosed a dozen bugs that made it easy to steal sensitive information or take over any customer’s account from some of the largest web hosting companies on the internet. In Read more…
U.S. charges Hackers/Traders for stealing SEC filings According to reuters U.S. authorities on Tuesday charged a suspected Ukrainian computer hacker and several traders with scheming to trade on market-moving corporate earnings news stolen from a U.S. Securities and Exchange Commission database. The charges against 10 defendants, including two charged criminally, Read more…