Security Alerts & News
by Tymoteusz A. Góral

History
#1652 Bug bounty hunter launches accidental DDoS attack on 911 systems via iOS bug
The Maricopa County Sheriff's Office Cyber Crimes Unit arrested Meetkumar Hiteshbhai Desai, an 18-year-old teenager from the Phoenix area, for flooding the 911 emergency system with hang-up calls.

According to a press release from the Maricopa County Sheriff's Office, Desai created a JavaScript exploit, which he shared on Twitter and other websites with his friends.

People accessing Desai's link from their iPhones saw their phone automatically dial and redial 911.

As Desai told Maricopa County officers, he was only interested in discovering bugs in iOS, which he could report to Apple and thus possibly earn money or recognition among his friends.

Desai said that he received a tip about a bug in iOS, which he successfully exploited. During his tests, the teenager created several weaponized versions of this bug which would constantly dial a phone number, or show annoying popups.

The teenager says he wanted to prank his friends, thinking it would be "funny," but when he shared the weaponized link online, he shared a version that instead of showing annoying popups, redialed a phone number, which in this case was 911.
Read more
#1660 Critical vulnerabilities pose a serious threat to Joomla sites
#1659 Web Bluetooth API privacy
#1658 Security update patches 13 Android vulnerabilities discovered by Trend Micro
#1657 AtomBombing: A code injection that bypasses current security solutions
#1656 Killing Mirai: Active defense against an IoT botnet
#1655 Google joins Mozilla and Apple in distrusting WoSign certificates
#1654 Kaspersky DDOS intelligence report for Q3 2016
#1653 Your home’s online gadgets could be hacked by ultrasound
#1652 Bug bounty hunter launches accidental DDoS attack on 911 systems via iOS bug
#1651 Google identified major vulnerability in Apple’s OS and iOS cores
#1650 How security flaws work: SQL injection
#1649 New, more-powerful IoT botnet infects 3,500 devices in 5 days
#1648 Microsoft says Russian APT group behind zero-day attacks
#1647 Firefox disables loophole that allows sites to track users via battery status
#1646 Phony Android Flash player installs banking malware
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12