QuickBlox vulnerabilities uncovered


By Dylan Bushell-Embling
Monday, 17 July, 2023

Check Point Research and Claroty research arm Team82 have jointly uncovered what they are characterising as major security vulnerabilities in the popular QuickBlox chat and video platform.

The platform, which is widely used for telemedicine, finance and smart IoT devices, contains vulnerabilities that, if exploited, could allow attackers to access the sensitive data of millions of end users.

The vulnerabilities in the QuickBlox API allowed the researchers to access application secret keys and perform full account takeover attacks against vendors using the platform.

While examining an intercom platform using the API, researchers were able to take full control over all its devices, access microphones and open doors managed by the devices. The researchers were also able to access medical records and history from a telemedicine application based on the platform.

Check Point Research and Team82 disclosed the findings to QuickBlox, which worked quickly to fix the vulnerabilities through a new, more secure architecture design and API. QuickBlox is now urging its users to migrate to the latest version for enhanced security.


  • All content Copyright © 2025 Westwick-Farrow Pty Ltd