Vulnerabilities News, Articles and Updates

State Dept. criticized for poor records management, Clinton broke rules, IG report says

"Longstanding, systemic weaknesses" prevented the State Department from properly managing cybersecurity risks, according to an IG report.

US-CERT: Domain name collision bug could result in MitM attacks

US-CERT issued an alert this week warning of a "domain name collision" bug that causes certain DNS queries to be resolved on public instead of private or enterprise servers, exposing organizations to man-in-the-middle attacks.

Adobe patches Connect untrusted search path vulnerability

A security update for Adobe Connect for Windows released Monday resolves an untrusted search path vulnerability in the add-in installer for Connect versions 9.5.2 and earlier.

Changing of the TidePool: Operation Ke3chang malware evolves as APT threat reappears

Operation Ke3chang, the APT that in 2013 was discovered targeting Europe-based Ministries of Foreign Affairs, not only apparently remains active but also seems to be leveraging a new family of malware called TidePool.

Cash stolen from 1,400 ATMs in Japan in coordinated attack

As many as 100 people are believed to have taken part in a heist of nearly $13 million (USD) from 1,400 cash machines in Japan.

Ubiquiti warns of worm using known exploit on outdated AirOS firmware

Updated: A worm that made its way into Ubiquiti Networks equipment through outdated AirOS firmware has wreaked havoc on ISPs and others that use the Ubiquiti networking platform.

After trio of hacks, SWIFT addresses information sharing concerns

Following reports of a cyberattack last year in which hackers stole $9 million from an Ecuadorean bank, SWIFT stated it is taking steps to create more information sharing practices.

60 percent of enterprise Android phones prone to QSEE vulnerability

Duo Labs researchers found that 60 percent of enterprise Android phones are affected by a critical QSEE vulnerability.

Cisco patches Web Security Appliance flaws

Cisco patched vulnerabilities in its Web Security Appliance devices that affect how the web filtering devices process traffic.

Angler Exploit campaign infected at least 19 sites

Cyphort Labs spotted a new Angler Exploit campaign that has already infected at least 19 websites.

VMware patches vulnerabilities that enable malicious code execution, privilege escalation

VMware issued two product updates on Tuesday to patch and present workarounds for two vulnerabilities, one considered critical and the other important.

The brick doesn't fall far from the Apple tree

Apple has released a series of security updates to tvOS, iOS, watchOS, OS X, Safari and iTunes.

Magento flaw allowed hackers to execute code using APIs

Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.

Trojan in app on Google Play shuttered

A variant of the malware family Acecard was detected in the Google Play store by researchers at Lookout.

77% of organisations unprepared for cyber-security incidents

Roughly 77 percent of organisations are unprepared for cyber-security incidents, according to research by NTT Com in its 2016 Global Threat Intelligence Report.

Cisco patch blocks DoS vulnerability

Remote attackers have been shut out of the IPsec code of Cisco Adaptive Security Appliance (ASA) Software following Tuesday's patch.

MEPs discuss Privacy Shield in U.S.

The "Privacy Shield", intended to replace 'Safe Harbour' agreements for transfers of personal data between the EU and the US, is being debated by Members of the European Parliament and their US counterparts during their current visit to Washington and Silicon Valley (17 to 20 May).

OSGP custom RC4 encryption cracked yet again

The Open Smart Grid Protocol's (OSGP) home-grown RC4 encryption has been cracked once again. The easy-to-break, custom RC4 was cracked last year.

UPDATED - Domo Arigato: White hat reports vulnerability on Mr. Robot website

The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting vulnerability, according to a Forbes.com report.

Pornhub dismisses hacker's offer to sell access to servers as hoax

A hacker calling himself Revolver yesterday advertised on Twitter that he was selling access to Pornhub servers for $1,000 after discovering an exploit, but the pornography video sharing website is disputing the veracity of this hack.

Google seeks to phase out Flash on Chrome by year-end

Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.

DHS issues alert over old SAP vulnerability after 36 organizations infiltrated

The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.

Mozilla wants advance disclosure of zero day exploited by FBI in Playpen case

Mozilla asked a federal district court in Washington to compel the FBI to disclose a zero-day vulnerability in the Tor browser that authorities exploited to identify patrons of the Tor-based child pornography site Playpen.

Flawed input validation vulnerabilities in 7-Zip result in round of patches

7-Zip, a popular open-source file archiving application used to compress and decompress files, has issued patches for input validation vulnerabilities that can lead to remote code execution.

Pornhub launches bug bounty program on HackerOne

Pornhub is offering white hats between $50 and $25,000 for reporting qualifying vulnerabilities.

Attackers already pouncing on newly discovered ImageTragick vulnerability

Mere hours after word spread last week of a remote code execution vulnerability in the image-processing software ImageMagick, bad actors were already actively exploiting it in the wild.

Patch Tuesday: Adobe Flash Player patch on the way, Acrobat, Reader fixes issued

Adobe will issue an update later this week for Flash Player to patch a vulnerability that is currently being exploited in the wild, and the company also released a slew of fixes for its Reader and Acrobat product lines.

Patch Tuesday: Microsoft rolls out 16 bulletins, eight rated critical

Microsoft's May Patch Tuesday roll out contains 16 bulletins covering 37 vulnerabilities, with half of them being rated critical and possibly leading to remote code execution.

Florida security expert demoing flaw charged for unauthorized access

A Florida man who logged into a computer system with appropriated credentials now faces felony charges.

Study: Apple, Android should better vet app stores, notify users of 'dead apps'

Appthority's Q2 2016 Enterprise Mobile Threat Report found Apple and Android should better vet their app stores.
