Vulnerabilities News, Articles and Updates

HHS may copy the DoD's Hack the Pentagon program

Citing the success enjoyed by the DoD's Hack the Pentagon bug bounty program, the HHS is considering using ethical hackers to discover flaws in medical devices and systems.

Code generator for Swagger spec vulnerable to remote code execution

Rapid7 yesterday publicly disclosed a class of vulnerabilities in Swagger-codegen, a code generator for the OpenAPI specification (aka Swagger).

Air India frequent flier miles hacked

Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.

Pen testers discover mega vulnerabilities in Uber

A Portuguese pen testing team discovered 14 flaws in Uber apps that would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.

Bug detected in popular chat client Pidgin

A flaw opens users to the possibility of information leakage, denial of service, directory traversal and buffer overflow.

WordPress 4.5.3 release mends eight security flaws, 17 bugs

WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.

Apple fixes memory corruption vulnerability in AirPort product line

Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products.

BadTunnel flaw affects every Windows OS

Every version of the Microsoft Windows operating system is at risk from a number of security weaknesses detected by a Chinese researcher.

Risky code in Vpon SDKs leaves mobile apps prone to malicious takeovers

Researchers at FireEye have found that certain iOS versions of the Vpon mobile ad software development kit (SDK) contain code that could allow bad actors to remotely take command of certain mobile apps.

SAP patches three-year-old vulnerability, plus 20 more flaws

SAP this week patched 21 product vulnerabilities, including an information disclosure flaw that was originally disclosed more than three years ago.

Adobe patches critical zero-day vulnerability in Flash Player

Adobe released a Flash Player update containing patches for 36 vulnerabilities, including the zero-day CVE-2016-4171, a critical issue that was called out earlier this week as having been spotted hitting targets in the wild.

Cisco warns of four unpatched vulnerabilities in firewall, two routers

Four vulnerabilities, one critical, were revealed in the web-based management interfaces of three Cisco products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).

OSGP update doesn't use RC4 encryption that researchers say vulnerable to attack

While the Open Smart Grid Protocol's (OSGP) newest security suite does not incorporate the vulnerable RC4 encryption method, known weaknesses in the RC4 used by earlier-generation OSGP devices could "be exploited to successfully attack the OSGP implementation as well."

Clear path to Verizon email accounts patched

A vulnerability that could have allowed attackers to hijack incoming emails from Verizon users' inboxes without their knowledge was detected and, a month later, patched.

Vulnerability in Telegram messaging app can send data charges soaring

Encrypted messaging app Telegram reportedly contains an unpatched vulnerability that bad actors can exploit to send massive text messages that drive up data charges or cause mobile phones to crash.

NSA may dabble in IoT surveillance

NSA Deputy Director Richard Ledgett said his agency is researching opportunities to collect from internet of things devices.

Intel looks at stopping hackers and malware at the processor level

Plans are being hatched to prevent return-oriented programming attacks that exploit memory flaws.

Windows zero day devalued as supply and demand takes hold, experts speculate

Market forces are beginning to have an effect on zero days, evidenced by a new drop in the price of a significant zero-day.

Researchers find exploit affecting Microsoft's BITS

Researchers discovered an exploit against Background Intelligent Transfer Service, a component of Microsoft's Windows 2000 that is used to transfer files asynchronously between a client and a server.

ESnet iPerf tool vulnerable to remote code execution attacks

Cisco Talos researchers spotted a vulnerability in ESnet iPerf3 that could allow remote code execution.

PDFium vulnerability in Google Chrome enabled arbitrary code execution

Cisco Talos researchers spotted an arbitrary code execution vulnerability in PDFium, Google Chrome's default PDF reader.

Report finds millions of firewall ports left open unnecessarily

A survey of all the ports on the internet is designed to provide decision-makers with the statistical information they need to make informed decisions on engineering the internet, and reveals that many, many ports are open to hackers.

Mozilla's Firefox 47 patches 13 vulnerabilities, two critical

In its latest Firefox browser release, Mozilla this week fixed two critical vulnerabilities - a buffer overflow hazard and a set of memory safety hazards - plus 11 other security holes ranging from low to high in severity.

Flaw in Juniper's JunOS router software could cause DDoS flood

Juniper has disclosed that a problem with its Junos router software could enable DDoS attacks.

Uber forks over $10K bounty for login bypass flaw

Uber paid Finnish researcher Jouko Pynnönen a $10,000 bounty for discovering a login bypass vulnerability.

Google patches 36 critical-severity and high-severity flaws

Google released its June update, patching eight critical-severity vulnerabilities and 28 high-severity vulnerabilities that affect its Nexus devices and devices manufactured by partners of Google's Android Open Source Project.

InfoSec 2016: Mimecast says organisations unsure about cyber insurance

Mimecast warns organisations relying on cyber insurance: your policies may not be fully up-to-date in covering new social engineering email attacks.

Survey: 85 percent of senior security pros say more than half of IoT products are not secure

The proportion of executives who continue to distrust IoT as a secure technology is overwhelming, if a new survey from research-oriented security service firm IOActive is any indication.

'Cruel' lesson: GhostShell hacking group leaks 36M records as punishment for using databases on public servers

Calling its actions a "cruel reminder of what happens when you don't use proper security hygiene," the hacker group GhostShell doxxed approximately 36 million online accounts from various databases found on public servers that don't require credentials to access.

Microsoft updates malware warnings with more specifics

Microsoft's Bing search engine will now give users specific warnings about possible threats on the sites being visited.
