Vulnerabilities & Flaws

Russian security services deny interest in buying Western software vulnerabilities

Market for software vulnerabilities grows in Russia, security services deny involvement.

Website owners warned over Joomla flaws

Joomla flaws - unpatched websites may already be infected

All AppSec vulnerabilities are equal - so why do some seem more equal than others?

Which vulnerability do you fix first, the one that's quickest to fix or the one that can cause the most damage? Targeting the most prevalent vulnerabilities may not always be the best option.

OpenSSL patch introduced flaw, critical fix advised

Critical bug in patch means OpenSSL security fix needs fixing.

Neutrino EK adopts new exploit after open source POC release

The Neutrino exploit kit (EK) added a former Internet Explorer zero-day vulnerability to its arsenal.

ICYMI: EU CPNI directive; Euro 2016; Health hit; Expertise absent; Travel risk

The latest In Case You Missed It (ICYMI) looks at EU cyber-directive; Sports targeted; Health most breached; Orgs lack expertise; Travellers at risk

ICYMI: TeamViewer control; Intel defence; Card cloner; Skype a vector; Cloud apps not GDPR ready

The latest In Case You Missed It (ICYMI) looks at TeamViewer hijack; Intel's processor defence; 15 per sec cards cloned; Malware via Skype; Cloud apps not GDPR ready

Siemens update advised following US CERT advisory

Updates are available following the US Computer Emergency Response Team (CERT) issuing an advisory warning of "weakly protected" credentials in the Siemens SIMATIC WinCC flexible industrial control system.

ICYMI: Buffer overflow; AI crime-fighter; Banking Trojan; SS7 Flaws; PayPal Phishing

The latest In Case You Missed It (ICYMI) looks at Symantec vulnerability; AI crime-fighter; Banking under threat; Flaws in SS7; PayPal phishing scam

ICYMI: Morrisons breach; Worldpay card data; power attack losses; Russian EU targets; criminal capability

The latest In Case You Missed It (ICYMI) looks at Morrisons lawsuit; Worldpay vulnerabilities; Critical scenario costs; EU banks targeted; Cyber-crime capabilities.

Emergency patch for critical Adobe Flash zero-day

Another critical zero-day hits Adobe Flash and helps install ransomware - patch released.

Russian police prevented massive banking sector cyber-attack

Russian Interior Ministry cyber-crimes department thwarts Russian banking cyber-crime group.

Malwarebytes says sorry for multiple AV bugs, still unpatched

Malwarebytes' CEO has apologised, and launched a bug bounty scheme, after Google Project Zero researchers exposed the latest in a long line of anti-virus product flaws.

Facebook ditches Flash videos to boost security

Facebook has ditched insecure Flash in favour of HTML5 for all its videos but will still use Flash in games, and is working with Adobe to secure the technology.

Cyber-criminals could launch man-in-the-middle attack on Xbox Live users

Xbox Live keys "inadvertently disclosed"

Warnings over Node.js flaw that could lead to DoS attacks

Node.js admits to two critical security flaws but delays patching

Security researcher blasts United Airlines' bug bounty programme

Security researcher claims United Airlines sat on serious bug for five months which would have allowed an attacker to access customers' flight details and even cancel flights.

ICYMI: Aviation risk; Netgear patch delay; legal threats; Android malware variants; SSL weakness

This week's In Case You Missed It (ICYMI): Aviation risk warning; Netgear patch delay; legal threats over vulnerability disclosure; Android SMS malware variants; SSL weakness exploited for phishing.

The three methodologies behind DNS threat detection

Intelligent and analytical identification of anomalies in DNS activity is key to stopping threats before they become a real problem, says Dr Malcolm Murphy, systems engineering manager, Infoblox.

Is responsible disclosure responsible enough?

We ask industry experts, when life and limb are at risk, is responsible disclosure of vulnerabilities enough? Or should there be mandated disclosure?

Researcher finds new, wirelessly exploitable vulnerability in iOS and OS X

A new vulnerability has been discovered in the AirDrop function supported by iOS and OS X, allowing attackers to wirelessly infect devices.

Flaw in managed app configuration on iOS devices puts corporate data at risk

"Quicksand" sandbox vulnerability could enable rogue apps

Cross-site scripting vulnerability uncovered in Salesforce cloud

Cross-Site Scripting (XSS) vulnerability within a Salesforce subdomain now patched

Windows Server Update Services open to attack

Hackers could subvert Windows Update to install malware in organisations

VPN gone bad: APT actors enlist Chinese 'Terracotta' provider to hide criminal activity

APT actors are using a China-based VPN provider to hide their digital tracks and mask their identities.

UK charity CALM hacked in 'senseless' attack

UK charity CALM says that its website was hacked and defaced on July 24th, in an attack that has been described as 'motiveless' and 'senseless'.

Critical Bind vulnerability could snuff out large parts of internet

A single packet could leave the internet in a bind, warn experts.