Vulnerabilities News, Articles and Updates

MedSec goes its own way with medical device flaw

Eschewing the bug bounty route, a cybersecurity firm that detected a flaw in a medical device from St. Jude Medical partnered with an investment firm to capitalize on its knowledge and short sell stock in the device manufacturer.

Lieu asks FCC to expedite investigation of SS7 flaw after DCCC hack

Rep. Ted Lieu (D-Calif.) is calling on the Federal Communications Commission (FCC) to accelerate its investigation of the SS7 flaw.

Cisco updates advisory: "We have started publishing fixes" for NSA-linked exploits

Cisco updated a security advisory for a remote code execution vulnerability affecting the SNMP application-layer protocol.

Three zero-days found in iOS, Apple suggests users update their iPhone

Citizen Lab and Lookout researchers detected an active spyware which exploited three iOS zero-day vulnerabilities.

Researchers find seven classes of vulnerabilities in iOS sandbox security feature

Researchers across three universities have discovered seven classes of vulnerabilities in the sandboxing feature of Apple's iOS operating system.

Advocacy groups urge FCC to address connected car technology threat

Several public interest groups reached out to the FCC calling for action concerning the implementation of DSRC technology.

VMware fixes flaws in Identity Manager, vRealize Automation

VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter product.

Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet

Juniper confirms exploits leaked by the Shadow Brokers group appear to affect its firewalls, but has not yet patched the vulnerabilities.

Ransomware: The evolution of cybercrime, a roundtable

The threat from ransomware continues to grow and the situation will only get darker before mitigation efforts prove reliable and the miscreants move on to another attack vector, according to a panel of cybersecurity experts gathered in Manhattan on Wednesday for the Dell Data Security Ransomware Roundtable.

NYU scientists develop tool to check for chip sabotage

NYU scientists developed a new form of application-specific integrated circuit (ASIC) designed to spot hidden vulnerabilities in microchips.

After NSA leaks, a renewed interest in vulnerability disclosure

Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups for a national conversation about vulnerability disclosure policy.

Two-thirds of IT security pros surveyed expect a breach to hit their company, report

While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.

City of Sarasota hit with ransomware

Although a ransomware attack hit the city of Sarasota, Fla. in February, owing to an ongoing criminal investigation, details of the attack are only now being revealed.

2FA flaw in PayPal's login portal fixed

A two-factor authentication (2FA) vulnerability affecting PayPal's login portal process has been patched.

Is Android as easy to secure as the latest AV-TEST results appear to suggest?

An independent IT security research facility has reviewed Android, and despite constant charges of insecurity, found the mobile platform to be far from wanting.

U.S. government extends offer to protect states from electoral cyberthreats

Updated! As it considers classifying the electoral system as critical infrastructure, the U.S. government has pledged to provide states with federal assistance to help manage voting cyber risks and is taking additional steps to quell fears the election this fall could be hacked.

We have the power: 'Smart' sockets could be enslaved to create botnet

Bitdefender has discovered vulnerabilities in a popular brand of 'smart' electrical socket which could lead to attacks on your local area network or the recruitment of the IoT device as part of a global botnet.

Proxy authentication flaw affects Apple, Microsoft, Oracle, Opera

Vulnerabilities affecting the implementation of proxy authentication could lead to an attacker launching man-in-the-middle attacks and intercepting HTTPS traffic, possibly affecting Apple, Microsoft, Opera, and Oracle products.

Chrome and Firefox address bar vulnerabilities allow spoofed URLs

A Pakistani security researcher discovered a vulnerability affecting the Chrome and Firefox browsers' configuration of URLs in address bars.

SQL Injection flaw found in Ninja Forms WordPress plugin

A dangerous SQL Injection vulnerability has been disclosed and patched that could affect the Ninja Forms plugin for WordPress, impacting the 600,000 sites using that website construction software.

Half of enterprises ill-prepared for inside attack, study

Nearly half of enterprises queried for a Mimecast survey were found to be ill-equipped to deal with threats from insiders.

Carnegie Mellon CERT warns of vulnerabilities in ReadyDesk help desk application

The CERT Division of Carnegie Mellon University's Software Engineering Institute has reported multiple vulnerabilities in web-based help desk application ReadyDesk, version 9.1 and possibly others.

PilotFish source codes selling on dark web, report

In what is being flagged as a threat to the health care sector, the source code of all of PilotFish Technology's software has been posted to the dark web.

Blackberry patch fixes QuadRooter vulnerability

Blackberry is pushing out a patch today that will make users of its PRIV and DTEK50 smartphones safe from QuadRooter, a vulnerability potentially impacting the 900 million devices in use powered by a Qualcomm processor.

Very perceptive: Talos researchers spot three vulnerabilities in Lexmark Perceptive Document Filters

Cisco's Talos division today publicly disclosed three new vulnerabilities in Lexmark's Perceptive Document Filters product that, if exploited with specifically crafted code, could result in remote code execution.

After the breach: Settlement expected for 50M Home Depot customers

A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.

Iran investigating possible cyber angle on oil fires

Updated! Iran's Supreme National Cyberspace Council is investigating whether a recent string of oil and petrochemical fires was caused by a cyberattack.

Cisco patches vulnerability in its IOS XR Software

Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.

Interior Dept. must update access control standards to meet NIST guidelines - report

The U.S. Department of the Interior must update its access controls to meet current standards, according to an inspector general report.

Samsung releases Galaxy S6 Edge update, includes patch for a critical security vulnerability

Samsung has not provided details of the critical vulnerability, which appears to be exclusive to the S6 edge, prompting speculation that the flaw may be related to the QuadRooter vulnerabilities.
