Flaw News, Articles and Updates

Google divulges vulnerability in Microsoft Edge before patch is ready

Microsoft misses Project Zero disclosure deadline. Security researchers at Google's Project Zero have publicised a flaw in Microsoft Edge before a patch has been readied.

Serious DoS flaw spotted in WordPress platform - affects most versions

Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.

Uber says bug that allows 2fa bypass 'not particularly severe'

Just two months after the car-sharing service admitted to covering up a breach that exposed sensitive information on 57 million customers and drivers, a security researcher has discovered a flaw.

Security issue found in AMD's Platform Security Processor

Security researchers have discovered a flaw in the AMD PSP (Platform Security Processor), which could enable hackers to execute code in a security module that stores data such as passwords, certificates, and encryption keys.

Major Intel CPU flaw OS-independent; fix could degrade performance

A reported chip flaw in Intel processors that has existed at least for the last 10 years allows software programs to access content in kernel memory and patching the bug.

Microsoft launches privilege escalation attack on itself with Office 365

A flaw in the way Microsoft Azure Active Directory (AD) Connect configures the AD synchronisation account in Office 365 hybrid installations, creates stealthy admins in the user group by default.

Hackers exploit vBulletin flaw to access 27M accounts on 11 websites

Attackers used a flaw in the internet forum software vBulletin to breach 11 websites, exposing personal information of 27 million accounts.

A pox on your servers: dormant vulnerability patched after 15 years

Admins scramble to patch HTTP proxy header flaw, Httpoxy, that leaks data via PHP, Go and Python scripts running in a CGI environment.

Microsoft security technology used to disable itself

Researchers have discovered a vulnerability in Microsoft's EMET security tool that can be used against itself to shut it down.

Microsoft Word users fuming as abnormal update borks macros

Microsoft security patch causes users to lose customised templates and safe macros, leaving cyber-security commentators shaking their heads that the software giant could make such a newbie mistake.

McAfee Enterprise Security Manager failed to manage own security

Hard-coded username allowed access to the McAfee Enterprise Security Manager as master user without authentication or password.

Another security flaw in Android, multitasking is affected

Another likely serious flaw has been discovered in Android, this time it affects the ability to multitask.

Another Android flaw affects almost all devices

Another critical flaw has been uncovered that affects almost all Android devices