Critical RCE Zero-Day in TP-Link Wi-Fi Repeaters Let Hackers to Gain Remote Access

Wi-Fi extender

Researchers discovered a critical zero-day flaw in TP-Link Wi-Fi extender that allows a remote attacker to get complete control over the device and to execute commands in user privileges. This vulnerability can be tracked as CVE-2019-7406, and it affects the following models: RE650, RE350, RE365, and RE500. Like other routers, the extender also operates on […]

The post Critical RCE Zero-Day in TP-Link Wi-Fi Repeaters Let Hackers to Gain Remote Access appeared first on GBHackers On Security.

Read more

Cybersecurity pros’ haphazard participation in data privacy raises concern


Before the General Data Protection Regulation (GDPR) became official in May 2018, I heard a similar story from many CISOs. Data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data.

GDPR changed everything. Data privacy was no longer a background legal project but rather a set of business-critical processes, and this impacted the cybersecurity team.  CISOs were asked to utilize their operational expertise to help operationalize data privacy programs. 

To read this article in full, please click here

Read more

Yubico, Tufin, & Venmo – Hack Naked News #223

    This week, prevent the impact of a Linux worm, Yubico recalls FIPS Yubikey tokens after flaw discovered, how fraudulent domains hide in plain site, Samsung reminds rabble to scan smart TV’s for viruses and makes them forget, and the scraping of millions of Venmo transactions in a privacy warning to consumers! In the […]

The post Yubico, Tufin, & Venmo – Hack Naked News #223 appeared first on Security Weekly.

Read more

New Android malware bypass 2FA & steal one-time passwords

By Uzair Amir

These apps were designed to pass as BtcTurk, a Turkish cryptocurrency exchange. Researcher Lukas Stefanko at the Slovakian security firm ESET has discovered Android malware in new apps that can bypass the SMS-based two-factor authentication (2FA) without using SMS permissions. The malicious apps are available on the very reliable platform Google Play Store. Don’t buy […]

This is a post from HackRead.com Read the original post: New Android malware bypass 2FA & steal one-time passwords

Read more