Vulnerabilities

GM says OnStar app flaw fixed, researcher says still exploitable

GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify and start a vehicle, and more.

Yahoo bug bounty program pays out more than $1 million to researchers

Yahoo's Interim CEO Ramses Martinez detailed the company's bug bounty program's successes since its creation in 2013.

Majority of Android devices vulnerable to denial-of-service bug

Trend Micro has identified a new Android denial-of-service bug that can be exploited to make devices unresponsive and practically unusable.

Researchers hack into self-aiming rifle through Wi-Fi

A pair of security researchers discovered a way to hack into a TrackingPoint self-aiming rifle through its Wi-Fi network.

Researcher finds several vulnerabilities in PHP File Manager

Researcher Sijmen Ruwhof uncovered several critical security vulnerabilities in PHP File Manager that leave user data unprotected.

Researchers find vulnerability in Skoda vehicles

Researchers at Trend Micro discovered a security flaw in Skoda automobiles that could allow an attacker to spy on vehicle data.

Critical Android bugs can be exploited via MMS, 950M users affected

Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.

Internet Explorer Mobile contains four unpatched vulnerabilities

HP's Zero Day Initiative (ZDI) disclosed four unpatched zero-day vulnerabilities in Internet Explorer Mobile that enable web-based attacks.

Zero-day in Fiat Chrysler feature allows remote control of vehicles

A pair of researchers discovered an exploit in Uconnect-enabled Fiat Chrysler vehicles that allows an attacker to take control of the vehicle.

All smartwatches are vulnerable to attack, finds study

All ten smartwatches tested by HP Fortify reported significant security vulnerabilities, along with their Android and iOS cloud and mobile application components, according to a new report.

WordPress 4.2.3 released, addresses critical XSS vulnerability

The XSS vulnerability can be exploited to compromise an affected website, but certain conditions must first be met.

Security firm details vulnerabilities in two WordPress plugins

High-Tech Bridge released advisories on Wednesday that detail medium risk vulnerabilities in two WordPress plugins.

Chrome 44 promoted to stable channel, includes 43 security fixes

The Google Chrome team promoted Chrome 44 to the stable channel for Windows, Mac and Linux on Tuesday.

OPM rewrites privacy policy to allow for system investigations

The Office of Personnel Management (OPM) rewrote its privacy regulations to allow legislators and outside entities to look through its databases for signs of data breaches.

Microsoft addresses critical RCE vulnerability in all versions of Windows

If successfully exploited, the remote code execution vulnerability can enable an attacker to take full control of the affected system.

Abandon XP! Malware is coming to get you

Windows XP infections are set to skyrocket as Microsoft finally ends support for its anti-malware and malicious software removal tool.

Cisco addresses denial-of-service vulnerability in Videoscape products

The updates address a denial-of-service vulnerability in Videoscape Distribution Suite for Internet Streaming and Videoscape Distribution Suite Service Broker.

Thousands of vulnerabilities identified in government system

The U.S. Department of the Interior received an Inspector General report that pointed out nearly 3,000 vulnerabilities in its system.

Siemens energy automation bug could have allowed unauthorized control over device

A recently patched vulnerability in Siemens energy automation systems could have allowed an attacker to gain unauthorized control of the device.

Researchers develop quicker RC4 encryption algorithm attack

Mathy Vanhoef and Frank Piessens indicated that their technique is so effective that users may want to consider not using the RC4 encryption algorithm.

Oracle's patch update contains 193 security fixes

The update includes 25 security fixes for Oracle Java SE, and seven of the bugs received a CVSS Base Score of 10.0.

PCI compliance: Compensating controls for increased security

With credit card data theft growing at an alarming rate and undermining consumer confidence, organizations are investing in their network security for PCI compliance - only to realize that being compliant does not mean they're protected against advanced cyberattacks.

Russian hackers exploit unusual Java zero-day to hit unnamed NATO country

Cyber-espionage group 'Pawn Storm' has been exploiting an unusual Java zero-day vulnerability to carry out drive-by-download attacks on a NATO country and US defence company, according to Trend Micro.

Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support

This month, Microsoft released four critical patches and 10 bulletins ranked "important."

Adobe fixes Flash Player zero-day vulnerabilities, bugs in other products

The Flash Player updates are for Windows, Macintosh and Linux and address two critical bugs that were identified in the Hacking Team leaks.

United Airlines pays researcher bug bounty of 1M air miles

United Airlines paid a security researcher one million air miles for finding a vulnerability and submitting it to the airline's bug bounty program.

Adobe working to patch two critical zero-day vulnerabilities in Flash Player

Both Adobe Flash Player vulnerabilities are being reported by security researchers as zero-day bugs that came out of the recent Hacking Team leaks.

Dyre infections surge, variants spread through Windows exploit

A pair of security firms observed an uptick in Dyre infections with new variants exploiting a vulnerability already patched by Microsoft.

Government agency initiates vulnerability disclosure discussions

The National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.

APT28 uses leaked Hacking Team exploits in custom EK

According to ESET researchers, APT28 started using the Flash exploit on Wednesday, the same day Adobe released a patch for the issue.
