Vulnerabilities

Researcher finds critical bugs affecting Netgear NMS300 ProSafe

A vulnerability affecting Netgear's NMS300 ProSafe network management system allows attackers to access the directory of servers the system runs on and upload malware.

Thunderstrike 2 creators join their one-time target Apple

Apple has brought on board two security researchers who previously worked to develop the infamous Thunderstrike 2 worm.

CERT: Poor password policy leaves OpenELEC operating system vulnerable to hackers

The CERT Division at Carnegie Mellon University yesterday issued an alert detailing a password vulnerability in the Open Embedded Linux Entertainment Center operating system.

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.

Update: eBay 'cesspit' has 'no plans' to fix severe vulnerability

Though a large vulnerability was discovered in eBay's global sales platform, the company has 'no plans' to fix the active code exploit.

Flash is dead. Long live Flash.

Flash has a reputation for security flaws, but experts say it is time to develop a strategy for "dealing" because its ubiquity means it will remain for years to come. Alan R. Earls reports.

Researchers spot bugs in toys that could expose personal data

Researchers at Rapid7 discovered vulnerabilities in Fisher-Price's Smart Toy and hereO's GPS platforms that could expose user data.

Audit uncovers flaws in U.S.'s 'EINSTEIN' cybersecurity program

A new report from the U.S. Government Accountability Office exposes multiple perceived flaws in the Department of Homeland Security's National Cybersecurity Protection System, otherwise known as EINSTEIN.

Apache server default setting leaves Tor users' identities vulnerable

A default configuration of the Apache web server has been found to expose information that can be used to uncover the identity of Tor users.

MediaTek code exposes Android KitKat devices

Independent security researcher Justin Case discovered a "backdoor" in a processor made by manufacturer MediaTek.

Blackshades malware co-author sentenced to five years probation

Following a guilty plea in 2013 for distributing malware and conspiring to commit computer hacking, Michael Hogue was sentenced to five years probation.

Securing open source

Open source code might be presumed mature, but could rely on technology developed a decade earlier.

LG G3 vulnerability allows arbitrary JavaScript code

Researchers at BugSec and Cynet discovered a bug in the LG G3 Android smartphone that could allow an attacker to run arbitrary code.

Cisco advises firewall users to patch critical vulnerability

Cisco yesterday warned users of a critical vulnerability in the web-based interface of its EV220W Wireless Network Security Firewall devices, which if exploited could allow remote attackers to bypass authentication and gain administrative privileges.

Mozilla patches 11 issues with Firefox, three rated critical

Mozilla released 11 patches for Firefox 44 and Firefox ESR 38.6, three of them rated critical.

Samsung security update fixes critical bugs hidden in Galaxy devices, Android OS

The latest maintenance release from Samsung will include security patches that address several vulnerabilities capable of triggering arbitrary code execution, causing memory corruption, or resetting factory reset protection and reactivation locks (FRP/RL).

PayPal's business site vulnerable to remote code execution

Michael Stepankin, also known as Artsploit, has disclosed a major vulnerability in PayPal's business site, allowing remote code execution.

Oversight Committee seeks response from agencies about Juniper

The Senate's Committee on Oversight and Government Reform has requested information from 24 federal agencies and government departments following the illicit code announced by Juniper Networks.

Ray Rothrock: "Assume attackers are in your system"

As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.

Fortinet on SSH vulnerabilities: look, this really isn't a backdoor, honest

Security firm goes full disclosure on mechanics of SSH issue and finds three more vulnerabilities.

Google: Linux flaw impact on Android devices not as widespread as predicted

After patching a critical flaw in the Android OS's code and releasing it to open source, Google hinted that Perception Point's estimate that more than two-thirds of devices would be impacted by the Linux vulnerability was "exaggerated."

TeslaCrypt encryption key storage algorithm flaw lets victims retrieve files

A flaw in TeslaCrypt's encryption key storage algorithm - since fixed in version 3.0 - lets the trojan's victims retrieve their files, according to a report in Bleepingcomputer.com.

Google Chrome update includes 37 patches, two for high-risk vulnerabilities

Google promoted a new Chrome release to the stable channel, patching 37 bugs, two of them rated high risk.

Cisco patches multiple critical flaws

Cisco released patches for multiple vulnerabilities that would allow remote attackers to take over affected devices.

RSA event asking security execs for Twitter passwords

File it under "irony" or "misguided," but executives at some of the world's largest IT security companies willingly gave up Twitter passwords while registering for a security event.

Document: U.S. gov't OKs exploiting certain zero-days during investigations

In its "Vulnerabilities Equities Process" (VEP) document, the U.S. government acknowledges that it sometimes withholds information on zero-day vulnerabilities so they can be exploited for intelligence and law enforcement purposes.

Bridging the Linux security perception gap

A newly-discovered privilege-escalation vulnerability in the Linux kernel has once again opened the debate around just how secure the open-source operating system really is.

Oracle patches 248 bugs

Oracle released an update to patch 248 vulnerabilities found across over 50 product lines, including Oracle Database, Java SE and Oracle E-Business Suite.

Apple updates iOS, OS X and Safari

Apple released patches for the iOS and OS X operating systems and for Safari after Synack's Patrick Wardle demonstrated that it was still possible for attackers to bypass Apple's Gatekeeper program.
