Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On March 03, 2015

March 2, Help Net Security – (International) 0-day flaw in Seagate NAS devices endangers thousands. A security researcher discovered that certain firmware versions of Seagate Business Storage 2-Bay NAS devices are susceptible to an easily exploitable zero-day remote code execution vulnerability because the Web-enabled management application relies on outdated versions of Hypertext Preprocessor (PHP), CodeIgniter, and Lighttpd that contain known security issues. The company is reportedly working on the issue. Source

March 2, Softpedia – (International) Privilege escalation glitch found in Toshiba software. SmartNet researchers discovered a path privilege escalation vulnerability in Toshiba’s Bluetooth Stack for Windows and Service Station that could allow attackers to take control of computers by implementing malicious programs, and to alter or delete information stored on hard disks. Toshiba released updates for its vulnerable products. Source

March 2, Softpedia – (International) Vulnerabilities in Blu-ray players open door for network compromise. Security researchers at NCC Group discovered security flaws in the software and hardware of Blu-ray players that could allow attackers to use poorly implemented Java to create malicious discs that bypass auto-run protection mechanisms through a sandbox escape and execute arbitrary code automatically. The second vulnerability was exploited by launching a library from a USB drive plugged into the device and the Web browser, which could allow modification of the firmware in order to remove anti-piracy technology. Source

March 2, Information Week Dark Reading – (International) Uber Takes Over 5 Months To Issue Breach Notification. 50,000 Uber drivers are only now being told that their names and license numbers were exposed. Uber, the service that allows users to hire cars or arrange ride shares via a mobile app (and which has been banned in several cities), announced last Friday that it had experienced a data breach that exposed the names and license numbers of approximately 50,000 current and former Uber drivers. Source

Nancy Rand


Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.