Vulnerabilities News, Articles and Updates
Citing the success enjoyed by the DoD's Hack the Pentagon bug bounty program, the HHS is considering using ethical hackers to discover flaws in medical devices and systems.
Rapid7 yesterday publicly disclosed a class of vulnerabilities in Swagger-codegen, a code generator for the OpenAPI specification (aka Swagger).
Unidentified individuals hacked into the loyalty program of at least 20 accounts at Air India to steal nearly $24,000 worth of frequent flier miles.
A Portuguese pen testing team discovered 14 flaws in Uber apps that would have enabled them to get free rides and disclose details of passengers' and drivers' journeys.
A flaw opens users to the possibility of information leakage, denial of service, directory traversal and buffer overflow.
WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.
Addressing a vulnerability that could have potentially resulted in remote code execution, Apple yesterday announced a firmware update for several of its AirPort Wi-Fi products.
Every version of the Microsoft Windows operating system is at risk from a number of security weaknesses detected by a Chinese researcher.
Researchers at FireEye have found that certain iOS versions of the Vpon mobile ad software development kit (SDK) contain code that could allow bad actors to remotely take command of certain mobile apps.
SAP this week patched 21 product vulnerabilities, including an information disclosure flaw that was originally disclosed more than three years ago.
Adobe released a Flash Player update containing patches for 36 vulnerabilities, including the zero-day CVE-2016-4171, a critical issue that was called out earlier this week as having been spotted hitting targets in the wild.
Four vulnerabilities, one critical, were revealed in the web-based management interfaces of three Cisco products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).
While the Open Smart Grid Protocol's (OSGP) newest security suite doesn't incorporate the vulnerable RC4 encryption method, known weaknesses in RC4 used in earlier-generation OSGP devices could "be exploited to successfully attack the OSGP implementation as well."
A vulnerability that could have allowed attackers to hijack incoming emails from Verizon users' inboxes without their knowledge was detected and, a month later, patched.
Encrypted messaging app Telegram reportedly contains an unpatched vulnerability that bad actors can exploit to send massive text messages that drive up data charges or cause mobile phones to crash.
NSA Deputy Director Richard Ledgett said his agency is researching opportunities to collect from internet of things devices.
Plans are being hatched to prevent return-oriented programming attacks on memory flaws.
Market forces are beginning to have an effect on zero days, evidenced by a new drop in the price of a significant zero-day.
Researchers discovered an exploit against Background Intelligent Transfer Service, a component of Microsoft's Windows 2000 that is used to transfer files asynchronously between a client and a server.
Cisco Talos researchers spotted a vulnerability in ESnet iPerf3 that could allow remote code execution.
Cisco Talos researchers spotted an arbitrary code execution vulnerability in PDFium, Google Chrome's default PDF reader.
A survey of all the ports on the internet is designed to provide decision-makers with the statistical information they need to make informed decisions on engineering the internet - and reveals many, many are open to hackers.
In its latest Firefox browser release, Mozilla this week fixed two critical vulnerabilities - a buffer overflow hazard and a set of memory safety hazards - plus 11 other security holes ranging from low to high in severity.
Juniper has disclosed that a problem with the Junos router could enable DDoS attacks.
Uber paid Finnish researcher Jouko Pynnönen a $10,000 bounty for discovering a login bypass vulnerability.
Google released its June update, patching eight critical-severity vulnerabilities and 28 high-severity vulnerabilities that affect its Nexus devices and devices manufactured by partners of Google's Android Open Source Project.
Mimecast warns organisations relying on cyber insurance: your policies may not be fully up-to-date in covering new social engineering email attacks.
The proportion of executives who continue to distrust IoT as a secure technology is overwhelming, if a new survey from research-oriented security service firm IOActive is any indication.
'Cruel' lesson: GhostShell hacking group leaks 36M records as punishment for using databases on public servers
June 06, 2016
Calling its actions a "cruel reminder of what happens when you don't use proper security hygiene," the hacker group GhostShell doxxed approximately 36 million online accounts from various databases found on public servers that don't require credentials to access.
Microsoft's Bing search engine will now give users specific warnings about possible threats on the sites being visited.
SC Magazine Articles
- Blasphemy! Godless malware preys on nearly 90 percent of Android devices
- 'Password attacks' continue; Citrix becomes latest victim
- Guccifer 2.0 out - Cozy Bear, Fancy Bear hacked DNC, Fidelis analysis shows
- Acer breach caused by improperly stored data
- Check Point tracks two waves of Cerber ransomware hitting U.S., UK
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components