Vulnerabilities & Flaws

Critical Bind vulnerability could snuff out large parts of internet

A single packet could leave the internet in a bind, warn experts.

Security concerns raised at Windows 10 roll-out

Windows 10 launched today, but security questions were immediately raised within the industry about some aspects and features of the new operating system.

Apple App Store and iTunes buyers hit by zero-day

A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.

Critical Android bugs can be exploited via MMS, 950M users affected

Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.

Braking news - 1.4 million Jeep recalls & DAB now attack vector

After a demo of a Jeep hack in the US, 1.4 million of the vehicles have been recalled, and DAB presents another attack vector, according to NCC researchers.

ICYMI: Visa applications exposed, government backdoors & the Ashley Madison hack

This week's ICYMI column looks at the most-read stories on SC this week, including our investigation on VFS Global, the UK government's attitude towards encryption and the continuing fall-out from the Ashley Madison hack.

OpenSSH flaw opens the door to brute force attackers

A flaw in OpenSSH could let attackers bypass limits imposed on password login attempts, to launch brute force attacks and steal credentials.

High-severity OpenSSL vulnerability patched

The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.

ICYMI: Tor sniffing, router bugs and Hacking Team fallout

This week's ICYMI column looks at Tor sniffing, old-school router attacks and the fallout from the Hacking Team data breach.

eBay e-commerce platform under attack

A new credit card-stealing attack is underway on the eBay Magento e-commerce platform, which is used by more than 240,000 businesses worldwide.

Time to abandon Flash? Hit by zero-day once again

Security industry calls on organisations to ditch the vulnerable browser plug-in as yet another zero-day flaw hits Flash.

Samsung keyboard vulnerability exposes triple whammy mobile flaw

Researchers at NowSecure have uncovered a vulnerability in the stock keyboard that is pre-installed on 600 million Samsung devices, including the new Galaxy S6, that can apparently enable a remote arbitrary code execution attack.

Google launches Android bug bounty programme

Fresh from paying out US$1.5 million (£960,000) to security researchers who found bugs in the Chrome browser and other products last year, Google is expanding its bounty rewards programme to include its Android operating system and devices running on it.

Hundreds of wind turbines and solar systems vulnerable to attack

German security researcher Maxim Rupp has discovered numerous security flaws with solar lighting systems and wind turbines which, if maliciously exploited by an attacker, could result in disrupting energy supplies.

Zeus and Conficker malware return to haunt UK companies

Old malware variants, the Zeus Trojan and the Conficker computer worm, remain a huge problem for most UK companies, according to CERT-UK's first annual report.

'Burnt-out' security pros hide breaches, demand bigger budgets

A new report into the ethics of security professionals reveals some eye-opening findings on hidden data breaches, and how incidents are being used to push for bigger budgets.

Newer MS operating systems cut malware

Older operating systems are considerably more vulnerable, and users put themselves at greater risk of security breaches, says the latest Microsoft Security Intelligence Report.

ICYMI: WordPress XSS flaw, costly breaches & the return of Snooper's Charter

The latest ICYMI column looks at the latest WordPress XSS flaw, costly data breaches and the return of the controversial "Snooper's Charter".

Venom vulnerability: toxic threat or hissing hyperbole?

Anyone reading the news headlines on the Venom flaw over the last 24 hours might be forgiven for thinking that the sky, or at least the cloud, is falling down.

Millions of WordPress sites open to attack

WordPress rushes out security update to fix flaw
