Vulnerabilities News, Articles and Updates

On shaky ground: SHA-1 web standard cracked

Researchers out to demonstrate inherent weaknesses in the SHA-1 internet security standard announced they had broken the legacy cryptographic algorithm using a so-called collision attack.

Privilege escalation flaw in Huawei Themes patched in software update

Huawei Technologies has released a new software update that patches a privilege escalation vulnerability in its Huawei Themes mobile app that could ultimately result in arbitrary code execution.

Apple issues patch for Logic Pro X; new crypto-ransomware detected

Apple released a security update on Tuesday to patch a flaw in Logic Pro X, the company's software for audio professionals.

DDoS attacks fewer, more powerful in Q4, VeriSign

Last year was not a great time for companies targeted by distributed denial of service attacks (DDoS) - with the average peak size increasing by 167 percent, according to a new report from VeriSign.

Russian hacker Rasputin hits universities, state and fed government agencies

A Russian hacker who penetrated the network of the U.S. Electoral Assistance Commission and then put its database up for sale has been detected continuing his nefarious activities.

Almost all organizations lack the technology to defend against cyberattacks, Tripwire

A new survey shows that just 3 percent of IT security professionals believe their organization has the technology in place to deal with the most common cyber problems that they face.

Adobe issues patches, Microsoft's usual Patch Tuesday fixes delayed

Adobe released security updates on Tuesday for Adobe Flash Player, while the usual Patch Tuesday fixes from Microsoft were put on hold.

Yahoo slapped with class-action suit after breach

A Texas man has filed a class action lawsuit alleging that his credit card details were stolen from his Yahoo accounts and used for fraudulent purchases.

Humans are the biggest risk to enterprise security, report

A Proofpoint report determined that in 2016 attacks across mobile and social media platforms increased, ransomware exploded and targeted attacks grew more sophisticated.

Report: More than 100K WordPress web pages defaced following disclosure of patched bug

More than 100,000 WordPress web pages have been defaced, following last week's public disclosure of a patched vulnerability that allows attackers to remotely modify the content of pages and posts.

Unpatched Windows zero day allows DoS attacks, possibly other exploits

Microsoft Windows users should beware of an unpatched memory corruption bug that could be exploited to cause DoS attacks.

Data on 76 iOS TLS-protected apps vulnerable to MITM attack

A researcher has reported finding 76 iOS programs that, despite using the TLS security protocol, are vulnerable to man-in-the-middle attacks that intercept and modify data in motion.

Vigilante knocks out Dark Web site hosting child porn

Freedom Hosting II (FH2), a Dark Web hosting service, experienced a brownout on Friday, losing nearly 20 percent of its sites to a vigilante on an anti-child-porn crusade.

Privacy alert: FBI pressing Google to hand over U.S. customer data stashed on foreign servers

Google is being pressured to hand over data to the FBI that it has stored on a foreign server. It is pushing back.

WordPress secretly patches severe bug that can lead to site content modification

WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.

80% of businesses hit by certificate-related outages, study

A new study has found that inadequate cryptographic controls significantly impact reliability and availability of critical services.

Dutch revert to an all-paper ballot, fearing election hack

Fearing an election hack by a nation-state actor, the Dutch government will turn to pen and paper and not use a computer to tally the ballots in its national election next month.

Facebook launches "Delegated Recovery" tool for access

Facebook launched a new strategy by which users can regain access to lost online accounts enlisting an agreement between various online services.

Trump postpones signing of exec order on cybersecurity

President Trump on Tuesday postponed putting his signature to an executive order calling for an assessment of the nation's cybersecurity capabilities and weaknesses.

Dell, HP, Lexmark, Brother printers vulnerable to attackers, report

A research paper from a team of German academics reports on serious flaws in a number of printers that could allow remote attackers to gain access and siphon out documents.

45% of NHS trusts scan for app vulnerabilities just once a year

Nearly half (45 percent) of NHS trusts scan for application vulnerabilities just once a year. Less than eight percent do so on a daily basis.

Spotting vulnerabilities in your open source code

ESET researchers have offered programmers a few tips for spotting vulnerable code and correcting it before it makes it into your system.

WordPress updated to fend off SQL and XSS bugs

WordPress 4.7.2 was released on Thursday and users of the popular CMS platform are strongly encouraged to upgrade immediately.

Two researchers report 200 bugs in Trend Micro tools

A team of security researchers has detected more than 200 flaws across nearly a dozen of the Japan-based vendor's products.

Patched Acrobat Reader heap overflow flaw could result in remote code execution

One of the vulnerabilities patched in Adobe's most recent software update was a flaw in the JPEG decoder and parser of Adobe Acrobat Reader, which could have been exploited to execute code remotely.

'Magic String' of characters could have compromised WebEx extension users

A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.

Enterprises focus on threats rather than protection of data, study

A new study released on Tuesday by Varonis revealed that enterprises are focusing on threats rather than the protection of their data.

Yahoo sale to Verizon on hold until 2Q

Two massive breaches affected the impending $4.8 billion sale of Yahoo's core business to Verizon.

Russia to attack, says hacked NY Times Twitter account

A Twitter account belonging to the New York Times was reported hacked on Sunday morning, possibly twice.

Hack the Army bug bounty program finds 118 vulnerabilities

The U.S. Army's three-week "Hack the Army" bug bounty trial ended last week with several hundred bug reports having been received.