Flaw News, Articles and Updates

IoT botnet actively exploiting Drupal CMS bug

Botnet uses compromised systems to spread infection. Security researchers have discovered a large botnet that is using a severe flaw in the Drupal CMS in order to infect other systems.

Intel SPI flash flaw could enable hackers to delete computer BIOS

Vulnerability could leave users with bricked systems. Intel has fixed a flaw that could be used to prevent a system from booting, cause it to operate in an unusual way, or execute arbitrary code during the system boot sequence.

Intel urges users to delete remote keyboard app, halts Spectre fixes

Intel is instructing users of its remote keyboard to delete the app after a critical flaw was found, and the firm is also halting Spectre fixes on older chips.

Spring Break vulnerability jeopardises Pivotal Spring projects

A remote code execution flaw, dubbed Spring Break, affects various Pivotal Spring projects and could allow an attacker to run arbitrary commands on any machine running applications built using Spring Data REST.

Recently patched Flash vulnerability spotted in massive malspam campaign

A recently patched Flash Player flaw was exploited in a widespread malspam campaign primarily targeting South Koreans.

Drupal 7 and 8 patch multiple critical vulnerabilities

Drupal patched multiple vulnerabilities in both Drupal 7 and Drupal 8 including a comment reply form flaw that allows access to restricted content and an incomplete JavaScript cross-site scripting prevention flaw, both rated critical.

Google divulges vulnerability in Microsoft Edge before patch is ready

Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.

Serious DoS flaw spotted in WordPress platform - affects most versions

Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.

Uber says bug that allows 2FA bypass 'not particularly severe'

Just two months after the car-sharing service admitted to covering up a breach that exposed sensitive information on 57 million customers and drivers, a security researcher has discovered a flaw.

Security issue found in AMD's Platform Security Processor

Security researchers have discovered a flaw in the AMD PSP (Platform Security Processor), which could enable hackers to execute code in a security module that stores data such as passwords, certificates, and encryption keys.

Major Intel CPU flaw OS-independent; fix could degrade performance

A reported chip flaw in Intel processors that has existed at least for the last 10 years allows software programs to access content in kernel memory and patching the bug.

Microsoft launches privilege escalation attack on itself with Office 365

A flaw in the way Microsoft Azure Active Directory (AD) Connect configures the AD synchronisation account in Office 365 hybrid installations creates stealthy admins in the user group by default.

Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing personal information of 27 million accounts.

A pox on your servers: dormant vulnerability patched after 15 years

Admins scramble to patch HTTP proxy header flaw, Httpoxy, that leaks data via PHP, Go and Python scripts running in a CGI environment.

Microsoft security technology used to disable itself

Researchers have discovered a vulnerability in Microsoft's EMET security tool that can be used against itself to shut it down.

Microsoft Word users fuming as abnormal update borks macros

Microsoft security patch causes users to lose customised templates and safe macros, leaving cyber-security commentators shaking their heads that the software giant could make such a newbie mistake.

McAfee Enterprise Security Manager failed to manage own security

Hard-coded username allowed access to the McAfee Enterprise Security Manager as master user without authentication or password.

Another security flaw in Android, multitasking is affected

Another likely serious flaw has been discovered in Android; this time it affects the ability to multitask.

Another Android flaw affects almost all devices

Another critical flaw has been uncovered that affects almost all Android devices.