Flaws

Vulnerabilities in Slack could have led to account hijacking

Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.

Project Zero hacking contest targets remote code execution flaws

Google's Project Zero unveiled an Android hacking contest that aims to discover flaws on the Nexus 6P and 5X devices.

Researchers claim Android Keystore encryption is broken

Developers wrong to choose simplicity over security

ICYMI: SC Awards; Lenovo flaw; TeamViewer flaw?; ransomware rise

The latest In Case You Missed It (ICYMI) looks at SC Awards winners; flawed app in Lenovo; TeamViewer potential flaw; ex-staff with access; ransomware rise continues.

InfoSec 2016: WhiteHat says "security from within" key to tackling web vulnerabilities

WhiteHat Security's vice president, Ryan O'Leary, says "security has to come from within", explaining that "no vendor will be able to help you if you don't secure your software or web application from the get-go."

Nearly 1500 vulnerabilities found in automated medical equipment

Security researchers have discovered 1,418 flaws in outdated medical equipment still in use by some healthcare providers.

Dropbear SSH daemon doesn't authenticate users

A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.

Tor launching bug bounty programme

A bug bounty programme will be launched later this year by the Tor Project to help steer security researchers to report issues that they find in software in a responsible manner.

Adobe issues new batch of patches

Another emergency patch to guard against exploits in the wild

Encryption flaws engulf 80% of mobile devices

Encryption flaws can be found in over 80 percent of mobile devices, and applications written in the scripting languages PHP, ColdFusion and Classic ASP are more prone to having serious flaws.

Warnings over Node.js flaw that could lead to DoS attacks

Node.js admits to two critical security flaws but delays patching

'Multitude of flaws' found in British alarm platform

Dangerous vulnerabilities have been discovered in network-connected alarm systems by British penetration tester, Andrew Tierney.

Researchers find remote code execution vulnerabilities in Huawei 4G modems

The modem flaw could have enabled hackers to take over PCs and launch DoS attacks

Flaws found in Pocket

Vulnerability could have allowed hackers to siphon off data from Firefox servers

Hackers exploiting Windows vulnerability that infects via USB

Flaw hits all versions of Windows; infects when USB peripheral is mounted

Apple App Store and iTunes buyers hit by zero-day

A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.

High-severity OpenSSL vulnerability patched

The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.

ICYMI: Tor sniffing, router bugs and Hacking Team fallout

This week's ICYMI column looks at Tor sniffing, old-school router attacks and the fallout from the Hacking Team data breach.

LG pledges to fix Android smart phone vulnerability

LG appears to have changed its mind about patching a security flaw in its Android smart phones which was discovered by security researchers last year.

Time to abandon Flash? Hit by zero-day once again

Security industry calls on organisations to ditch vulnerable browser plug-in as yet another zero-day flaw hits Flash

Google launches Android bug bounty programme

Fresh from paying out US$1.5 million (£960,000) to security researchers who found bugs in the Chrome browser and other products last year, Google is expanding its bounty rewards programme to include its Android operating system and devices running on it.

ICYMI: Tea-loving hackers, Venom flaw and overworked CISOs

This week's ICYMI column looks at a tea shop data breach, analysis on the Venom flaw and concerns over 'burnt-out' security professionals.

Freaky 'LogJam' TLS flaw weakens web encryption for MiTM surprise

Researchers say the new 'LogJam' encryption flaw could be used by attackers to downgrade Transport Layer Security (TLS) connections to 512-bit export-grade cryptography, to crack that connection and read any data being transmitted. The flaw affects thousands of web and email servers, as well as VPNs.
