- Indian Cricket Board Exposes Personal Data of Thousands of Players
The IT security researchers at Kromtech Security Center discovered a trove of personal and sensitive data belonging to around 15,000 to 20,000 Indian applicants participating in cricket seasons 2015-2018. According to the report published by Hackread, the data exposed to the public in two misconfigured AWS (Amazon Web Service) S3 cloud storage buckets. According to the researcher, Kromtech researchers, the data was divided into different categories of players including those under 19 years old. The data was accessible to anyone with an Internet connection and basic knowledge of using AWS cloud storage. The exposed data includes names, date of birth, place of birth, permanent addresses, email IDs, proficiency details, medical records, birth certificate number, passport number, SSC certificate number, PAN card number, mobile number, landline and phone number of the person who can be contacted in case of emergency.
Cyber Security Tips: To prevent yourself from such a data leak you are strongly recommended that secure your AWS account secure with strong authentication, use the security appliance to monitor your AWS buckets and use strong data encryption methods used in AWS storage.
- Red Hat Linux DHCP Client Found Vulnerable to Command Injection Attacks
Whenever your system joins a network, it’s the DHCP client application which allows your system to automatically receive network configuration parameters, such as an IP address and DNS servers, from the DHCP (Dynamic Host Control Protocol) server. According To the report, Google security researcher has discovered a critical vulnerability in DHCP client which allows attackers to execute arbitrary commands with root privileges on targeted systems. The vulnerability resides in the NetworkManager integration script included in the DHCP client packages which is configured to obtain network configuration using the DHCP protocol. Red Hat has confirmed that the vulnerability impacts Red Hat Enterprise Linux 6 and 7.
Cyber Security Tips: Red Hat as well as Fedora has released updates for their affected version. You are strongly recommended updating their packages. Other popular Linux distributions like OpenSUSE and Ubuntu do not appear to be impacted by the vulnerability, as their DHCP client implementation doesn’t have NetworkManager integration script by default.
- Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC
Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software. A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in Adobe Photoshop CC. There are 24 critical vulnerabilities categorized as Double Free, Heap Overflow, and Use-after-free, Out-of-bounds write, Type Confusion, and Untrusted pointer which if exploited, could allow arbitrary code execution in the context of the targeted user. The vulnerability (CVE-2018-4946) impacts Photoshop CC 2018 version 19.1.3 and earlier 19.x versions, as well as Photoshop CC 2017 version 18.1.3 and earlier 18.x versions.
Cyber Security Tips: Adobe recommends end users and administrators to install the latest security updates as soon as possible.