Security Alerts & News
by Tymoteusz A. Góral

History
#901 White hat demonstrates how Better Business Bureau’s site leaked PII
A provocative white hat hacker who has previously disclosed vulnerabilities in both California’s ObamaCare portal and FireEye's core security product has now revealed a serious flaw in the Council of Better Business Bureau’s (CBBB) Web-based complaints application, which is used by nearly a million people annually to file complaints against businesses.

The CBBB criticized the “unauthorized application vulnerability test” but said in a statement that they believe “the motivation was not malicious," and are "not pursuing the matter further."

The CBBB is the umbrella organization for the independent local BBBs, the not-for-profit consumer advocacy groups that operate in the United States, Canada, and Mexico. The BBBs attempt to mediate disputes between consumers and businesses, and also accredit businesses based on how well the business meets the BBB’s “Standards of Trust.”

Independent security researcher Kristian Erik Hermansen discovered the vulnerability while attempting to file a complaint against Verizon. He told Ars the telecoms giant had defrauded a family member and that despite a successful class-action lawsuit against the company, the fraudulent charges were causing the family member credit problems.
Read more
#903 How your phone, fitness band vibration motors can be hacked for eavesdropping
#902 Facebook Messenger vulnerability patched
#901 White hat demonstrates how Better Business Bureau’s site leaked PII
#900 'Alarming' rise in ransomware tracked
#899 Android security: Google's June update splats dozens of critical, high-severity bugs
#898 Protecting your PC from ransomware gets harder with EMET-evading exploit
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12