Vulnerability News, Articles and Updates

Verizon data found on open AWS S3 server

Security researchers have found another publicly accessible Amazon S3 server that in this case hosted about 100MB of Verizon Wireless data that was allegedly operated by a Verizon employee.

Zerodium offers up $1 million bounty for Tor zero day

Zero-day-acquisition firm Zerodium reported it will a total of $1 million for zero day exploits found for the Tor browser on Tails Linux and Windows.

Study, Fuzz test averages reveal more vulnerabilities spotted sooner in IoT protocols

The study also found a common protocol used in IoT devices was using significantly more vulnerable than more mature protocols used by online shopping and banking industry.

Russian hacker extorts gambling company after cracking poker machines

A Russian programmer attempted to extort an Australian gambling company after cracking the spin sequence on several of the firm's poker machines.

Microsoft Patch Tuesday, 19 critical vulnerabilities addressed

Microsoft's July Patch Tuesday news covered 55 flaws with 19 being rated critical with all the latter issues leading to remote code execution if left unpatched.

Cisco patches Vault 7 vulnerability

Cisco patched a critical vulnerability, one that was disclosed in the Vault 7 hacking tools leak, that left dozens of the company's switches open to being compromised.

Update to RingGo app leaves thousands of UK drivers' data exposed

An update to car parking payment app "RingGo" has led to the exposure of the personal details of thousands of UK drivers.

Pandora Apple app vulnerable to MITM attacks

A vulnerability note was issued by CERT/CC for the Pandora music streaming service Apple iOS app for failing to properly validate SSL certificates provided by HTTPS connection.

20-year-old flaw found in Ubiquiti networking gear running ancient PHP

Running PHP 2.0.1 turns out to be a bad way to secure network devices against a range of threats including cross-site request forgery attacks.

Canadian tax and labor websites taken offline this weekend

Canada's Revenue and Statistics agencies were knocked offline Friday when officials, concerned about several vulnerabilities, took down the sites as a precautionary measure.

Trend Micro details new IoT DDoS threat

Trend Micro is reporting a new threat to Linux-based Internet of Things devices that is specifically able to exploit a specific vulnerability in surveillance cameras made by AVTech.

AirDroid updated to patch MITM exposure

Following news last week of a vulnerability in the Android app AirDroid, the company announced on Friday it completed the staged rollout of AirDroid (Mobile 4.0.0.3; Mac/Win 3.3.5.3 ) to patch the bug.