Vulnerabilities News, Articles and Updates

Court dismisses 3 FTC complaints against D-Link

A district court judge in California said the Federal Trade Commission (FTC) didn't prove a single instance of harm caused by what the commission had charged was D-Link's poor security for its routers and IP cameras.

Cisco mends high-severity bugs across three product lines

Cisco Systems on Wednesday issued updates for three separate product lines, in each case rectifying a high-severity vulnerability that could allow remote attackers to either elevate privileges or trigger a denial-of-service condition.

Equifax hackers likely in network since March

The hackers, who exploited a vulnerability in Apache Struts, reportedly accessed the Equifax network by obtaining a user name after typing the "Whoami" command on one of the company's servers.

Newest Joomla! release eliminates information disclosure flaws

The Joomla! Project this week released version 3.8 of its content management system, which fixes two information disclosure vulnerabilities.

Paramount Pictures, Comedy Central, MTV and hundreds more exposed in Viacom AWS leak

A mishandling of Viacom's master AWS key has left the credentials of hundreds of digital properties including Comedy Central, Paramount, MTV and other entertainment companies exposed.

WordPress patches nine security vulnerabilities

WordPress.org released version 4.8.2, which fixes nine security issues, five of which involve cross-site scripting (XSS) vulnerabilities.

Attackers can pull data from air-gapped networks' surveillance cameras

Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using surveillance cameras.

Medfusion 4000 Wireless Syringe Infusion Pump can be exploited to compromise operations

Until a new version of Smiths Medical's Medfusion 4000 Wireless Syringe Infusion Pump is issued in January 2018, its operators should be wary of eight vulnerabilities that can be remotely exploited to gain access to the device and compromise its functionality.

RIG, Magnitude, and Disdain among top EKs of summer '17

Summer 2017 saw a few established exploit kits, such as RIG EK and Magnitude EK, along with a few newcomers, such as the Disdain EK, among the most active EKs of the season.

Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure

The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.

Microsoft Patch Tuesday: 21 critical updates listed, one zero day fixed

Microsoft's September Patch Tuesday security updates patch a zero-day flaw found in the wild and used to target Russian-language speakers, and detail the BlueBorne vulnerability that could impact five billion Bluetooth devices.

Multiple Cisco products vulnerable to remote code execution due to Apache Struts bugs

Cisco Systems has issued a pair of advisories warning users that several of its products have been affected by vulnerabilities recently discovered in the Apache Struts 2 open-source web application framework.

Adobe Patch Tuesday: Flash Player with two critical updates

Adobe issued a light load of Patch Tuesday security updates today, releasing only eight, five of them critical, with two of these affecting Flash Player.

Samsung announces bug bounty for devices and services

Samsung is joining the ranks of Apple and other competitors and looking to boost the security of its platforms with the launch of its own bug bounty program.

Most Android phones susceptible to the Toast overlay vulnerability

A critical vulnerability has been disclosed in all Android devices running any version except 8.0 that, if left unpatched, can let hackers steal credentials, lock the device or install unwanted applications.

Severe flaws in voting software threaten integrity of German elections, hacking collective reports

A European hacker association on Thursday warned that software being used to tabulate and transmit vote totals in Germany's upcoming September parliamentary elections contains major vulnerabilities that could threaten the integrity of the outcome.

Microsoft won't patch Edge bypass vulnerability

Microsoft will not patch a security bypass vulnerability in Edge which could allow the disclosure of confidential information.

Attackers actively exploiting Apache Struts remote code execution bug

Almost immediately following the disclosure of a critical Apache Struts bug last Tuesday, exploit code for the vulnerability was published online and attackers reportedly began exploiting the flaw.

Researcher: Flaw in Windows kernel hinders identification of potentially dangerous files

A researcher is warning that a programming error in the Windows kernel might inhibit security software vendors and kernel developers from properly identifying modules loaded during runtime, including potentially malicious files.

Google releases Stable Channel Update for Chrome

Google released a Stable Channel Update for Chrome desktop that included 22 security patches, including six for high-rated bugs.

Pacifier APT backdoor components have suspected ties to Russia-linked Turla Group

Bitdefender researchers spotted three new Pacifier APT backdoor components that appear to link the group's cyberespionage campaigns against government institutions to the Russia-linked Turla Group.

Abbott Laboratories securing vulnerable pacemakers with firmware and software updates

Healthcare product manufacturer Abbott Laboratories is updating the firmware and software in its line of implantable pacemakers to shore up a security vulnerability that could lead to unauthorized access.

Akeo Consulting Rufus bug allows remote code execution

The U.S. Computer Emergency Response Team (CERT) has issued an advisory for a vulnerability in Akeo Consulting Rufus software.