Flaws News, Articles and Updates

Grindr flaws spill personal info on users, reveals locations

Security flaws in Grindr can expose the personal information and location of its three million or so users.

Top security flaws move to Microsoft from Adobe

Hackers more likely to use cryptocurrency mining malware than an exploit kit, report says. Malware campaigns have shifted focus onto Microsoft and cryptocurrency mining rather than using flaws in Adobe Flash and exploit kits.

Mobile ransomware & banking malware thrive as hackers put focus on mobile

Security patches introduced by Apple and Google reduced instances of jailbreaking and minimised firmware flaws, but the use of mobile ransomware, banking malware, and malicious apps by cyber-criminals shot through the roof in 2017.

Intel says it followed industry standards with Spectre/Meltdown reveal

Intel says it did not inform industry organisations and the US federal government of crucial flaws in its processors because it was following established industry reporting standards.

JenX botnet using video game to recruit IoT devices

Security researchers have found a new botnet that uses flaws connected to the Satori botnet and uses hosting services running multiplayer versions of Grand Theft Auto to infect IoT devices.

Meltdown, Spectre updates aplenty, but the fix is more complicated

A pair of flaws dubbed Meltdown and Spectre that take advantage of the speculative execution performance feature in modern CPUs make the memory of virtually all computers and devices accessible to hackers.

npm removes malicious JavaScript packages caught stealing data

Malware-spiked packages designed to steal environment variables upon installation have been found and removed by the developers of "npm", the package manager for the JavaScript programming language.

Cyber-attacks using exploits up by a quarter in 2016, says Kaspersky

Kaspersky Lab reports the number of attacks using software vulnerabilities is rising fast, driven by the professionalisation of cyber-crime.

ICYMI: SC Awards, iPhone hack, Trump's $1.5bn, skills gap, Ubiquiti flaw

In Case You Missed It: SC Awards finalists; 200m iCloud accounts breached; Trump cybersec spend; overcoming skills gap; Ubiquiti flaw.

Vulnerabilities in Slack could have led to account hijacking

Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.

Project Zero hacking contest targets remote code execution flaws

Google's Project Zero unveiled an Android hacking contest that aims to discover flaws on the Nexus 6P and 5X devices.

Researchers claim Android Keystore encryption is broken

Developers wrong to choose simplicity over security

ICYMI: SC Awards; Lenovo flaw; TeamViewer flaw?; ransomware rise

The latest In Case You Missed It (ICYMI) looks at SC Awards winners; flawed app in Lenovo; TeamViewer potential flaw; ex-staff with access; ransomware rise continues.

InfoSec 2016: WhiteHat says "security from within" key to tackling web vulnerabilities

WhiteHat Security's vice president, Ryan O'Leary, says "security has to come from within", explaining that "no vendor will be able to help you if you don't secure your software or web application from the get-go."

Nearly 1500 vulnerabilities found in automated medical equipment

Security researchers have discovered 1,418 flaws in outdated medical equipment still in use by some healthcare providers.

Dropbear SSH daemon doesn't authenticate users

A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.

Tor launching bug bounty programme

A bug bounty programme will be launched later this year by the Tor Project to help steer security researchers to report issues that they find in software in a responsible manner.

Adobe issues new batch of patches

Another emergency patch to guard against exploits in the wild

Encryption flaws engulf 80% of mobile devices

Encryption flaws can be found in over 80 percent of mobile devices, and applications written in the scripting languages PHP, ColdFusion and Classic ASP are more prone to having serious flaws.

Warnings over Node.js flaw that could lead to DoS attacks

Node.js admits to two critical security flaws but delays patching

'Multitude of flaws' found in British alarm platform

Dangerous vulnerabilities have been discovered in network-connected alarm systems by British penetration tester, Andrew Tierney.

Researchers find remote code execution vulnerabilities in Huawei 4G modems

The modem flaw could have enabled hackers to take over PCs and launch DoS attacks

Flaws found in Pocket

Vulnerability could have allowed hackers to siphon off data from Firefox servers

Hackers exploiting Windows vulnerability that infects via USB

Flaw hits all versions of Windows; infects when USB peripheral is mounted

Apple App Store and iTunes buyers hit by zero-day

A zero-day flaw in Apple's online App Store and iTunes Store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.

High-severity OpenSSL vulnerability patched

The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.