Vulnerabilities & Flaws

eBay e-commerce platform under attack

A new credit card-stealing attack is underway on the eBay Magento e-commerce platform, which is used by more than 240,000 businesses worldwide.

Time to abandon Flash? Hit by zero-day once again

Security industry calls on organisations to ditch the vulnerable browser plug-in as yet another zero-day flaw hits Flash.

Samsung keyboard vulnerability exposes triple whammy mobile flaw

Researchers at NowSecure have uncovered a vulnerability in the stock keyboard that is pre-installed on 600 million Samsung devices, including the new Galaxy S6, that can apparently enable a remote arbitrary code execution attack.

Google launches Android bug bounty programme

Fresh from paying out US$ 1.5 million (£960,000) to security researchers who found bugs in the Chrome browser and other products last year, Google is expanding its bounty rewards programme to include its Android operating system and the devices running on it.

Hundreds of wind turbines and solar systems vulnerable to attack

German security researcher Maxim Rupp has discovered numerous security flaws in solar lighting systems and wind turbines which, if maliciously exploited by an attacker, could disrupt energy supplies.

Zeus and Conficker malware return to haunt UK companies

Old malware variants, the Zeus Trojan and the Conficker computer worm, remain a huge problem for most UK companies, according to CERT-UK's first annual report.

'Burnt-out' security pros hide breaches, demand bigger budgets

A new report into the ethics of security professionals reveals some eye-opening findings on hidden data breaches, and how incidents are being used to push for bigger budgets.

Newer MS operating systems cut malware

Older operating systems are considerably more vulnerable, and their users put themselves at greater risk of security breaches, says the latest Microsoft Security Intelligence Report.

ICYMI: WordPress XSS flaw, costly breaches & the return of Snooper's Charter

The latest ICYMI column looks at the latest WordPress XSS flaw, costly data breaches and the return of the controversial "Snooper's Charter".

Venom vulnerability: toxic threat or hissing hyperbole?

Anyone reading the news headlines on the Venom flaw over the last 24 hours might be forgiven for thinking that the sky, or at least the cloud, is falling down.

Millions of WordPress sites open to attack

WordPress rushes out a security update to fix the flaw.

Taking a trip of discovery into the unknown

Ben Harknet says security teams need to develop an effective external threat management programme, as a core component of their overall security capability, to deal with broken SSL certificates and third-party app vulnerabilities.

RSA 2015: Bug bounties - accepted but concerns remain

Bug bounties often get results more quickly than in-house teams and pen testers, but concerns remain that they may have unintended consequences.

ICYMI: SSL and Magento flaws, APT gangs & the breach blame game

This week's ICYMI column looks at the top stories on SC from the last week, from the breach blame game and Anonymous hackers to the discovery and patching of critical SSL and Magento flaws.

RSA: Thousands of Android apps found to be vulnerable

Vulnerability testing by CERT found that tens of thousands of Android apps are vulnerable, and no complete register of them exists because not all of the flaws are assigned CVEs.

15% of e-commerce sites hit by critical Magento RCE flaw

eBay's e-commerce platform Magento has a critical remote code execution (RCE) flaw, which could be used by hackers to remotely compromise up to 200,000 online stores in order to steal credit card details and personal information.

Apple fix for Mac Rootpipe backdoor "doesn't work"

Experts say the botched patch leaves tens of millions of Mac OS X devices vulnerable to hijack.

Critical patch for flaw hitting all MS versions

This vulnerability, if left unpatched, affects every flavour of Windows that uses IIS version 6 or later to host web sites.

Votes gone walkabout after Australian election voting flaw

With the UK general election only weeks away now, a security flaw has surfaced in the Australian state of New South Wales that may have left votes susceptible to interception and manipulation.

WordPress plug-ins open to attack

A new generation of vulnerabilities threatening WordPress users revolves around the blogging platform's many plug-ins, researchers report.

Hot and bothered air-gapped PCs open to Bitwhisper attack

Security researchers at Ben Gurion University in Israel have continued their examination of security on air-gapped PCs, finding that they can be compromised using specially-designed malware measuring tiny fluctuations in heat.

OpenSSL patches 'high severity' bug - but it's no Heartbleed

The OpenSSL group has patched numerous flaws with the release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, including a "high severity" bug which, fortunately, is not as serious as Heartbleed or Poodle.
