Vulnerabilities

Stegano malvertising campaign invades major news websites, warns report

A recently discovered exploit kit called Stegano is infecting select machines via malicious banner ads that, by conservative estimates, have been delivered to over a million users in just the last two months.

Script exploited in WordPress theme, bypasses security, sends spam

Hackers, flying beneath the radar, have been using a script that's part of a WordPress theme to send spam.

Firefox zero day impacts Tor

A Tor executive has confirmed that a zero-day vulnerability impacting Tor and Firefox has been spotted being used to execute malicious code, but it has been reported to Mozilla, according to Ars Technica.

Updated: A million German routers knocked offline by failed Mirai botnet attack

Nearly a million customers of telecoms company Deutsche Telekom AG began experiencing network outages, possibly due to hacker sabotage.

Analysis finds high-risk vulnerabilities in four popular WordPress e-commerce plug-ins

A static code analysis of 12 commonly used WordPress e-commerce plug-ins found that at least four of them contained one or more high-risk vulnerabilities.

LFI vulnerability allegedly found in website of Barclays/RBS

A hacker going by the name of CyberZeist is claiming to have found a Local File Inclusion vulnerability in the website of "many UK banks".

Chrome exploit allows Svpeng Trojan to bypass security measure; patch reportedly coming

Experts at Kaspersky Lab now understand how the mobile banking trojan Svpeng has been able to automatically download itself via malvertising ads while bypassing Google Chrome browser permissions.

65% of Windows devices run Windows 7, where 600 vulnerabilities reside

This seven-year-old version of the software is leaving enterprises open to 600 security vulnerabilities.

DoS vulnerabilities found in ICS equipment

Further vulnerabilities have been discovered in Schneider Electric industrial control systems kit by researchers from CheckPoint Software and Critifence who have dubbed them "PanelShock".

Researcher finds Mirai flaws that could allow counterattack on botnet

IoT botnet blamed for Dyn attack - Mirai - has several code vulnerabilities but questions are raised over legality of its use in defence.

4SICS: Shodan founder says IoT here to stay despite security holes

According to John Matherly - internet cartographer, security gadfly and founder of IoT-search engine Shodan - the internet of connected things is very much here to stay.

Analysing the attack surface

Enterprises today are under more pressure than ever to minimise their "attack surface." That is, they need to detect Indicators of Exposures (IOEs), identify vulnerabilities, and capture and correct misconfigurations in security and network devices in both physical and virtual environments. This is an extremely challenging assignment. The IT organisation must locate tens of thousands of vulnerabilities and misconfigurations concealed on its network, analyse and prioritise them, and remediate the most critical.

Researchers gain root access to Android devices using Rowhammer attacks

An international team of researchers has developed an exploit to gain "root" access to Android phones made by LG, Samsung and Motorola using Rowhammer hardware attacks.

Vulnerabilities in Slack could have led to account hijacking

Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.

YOUR business website has at least one severe vulnerability - giving hackers open access - what can you do?

Statistically your company website already has at least one severe flaw - and there could be many more, says Ian Muscat. Why are website vulnerabilities so frequent and on the rise? What should organisations be focusing on and how can they protect themselves in the future?

Linux-run IoT devices under attack by NyaDrop

Internet of Things (IoT) devices running on the open-source Linux OS are under attack from NyaDrop.

Systemd and Ubuntu users urged to update to patch Linux flaws

Linux users should beware of a recently discovered systemd vulnerability that could shut down a system using a command short enough to send in a tweet.

Crippling bug in Linux crashes system with a single tweet

A bug in Linux has been discovered that could allow a hacker to crash a system with just 48 characters of code.

Lack of encryption leaves diabetic pump open to hacking

Security researchers have warned that a number of vulnerabilities in an insulin pump could enable a hacker to put a diabetic patient's life at risk.

Researcher finds flaws in industrial control devices

A number of vulnerabilities found in an industrial automation device could allow hackers to take control of machinery.

Throw your backdoored D-Link router in the bin, urges security researcher

Slew of bugs and backdoors means device is unsafe to use

White hats save greybeards from black hat attack

As yet another well-known consumer brand falls victim to 'old version syndrome' and serves up malware to its customers, we ask: why aren't lessons being learned?

Connected cars - addressing concerns around public safety

Stephen Morrow discusses how automotive manufacturers have been focusing so much on adding functionality and usability to connected cars that they haven't properly considered the threats.

500+ vulns reported to the National Vulnerability Database in 1H 2016

Vulnerabilities are on the rise, with 516 reported to the National Vulnerability Database in the first half of 2016, compared to only 403 total vulnerabilities reported in 2015.

WordPress update fixes XSS issues

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

Congressional report faults OPM over breach preparedness and response

The massive breach at the US Office of Personnel Management (OPM) might have been prevented had the agency followed basic cyber-security guidelines, a congressional investigation claimed.

Letter to the Editor: Biometrics - does it strengthen or weaken security?

Biometrics can actually weaken authentication security if not implemented correctly, says Hitoshi Kokumai, who asks: what exactly does the NIST Authentication Guideline have to say on this issue?
