Vulnerabilities & Flaws News, Articles and Updates

How safe are apps built on Open Source? Is security traded for efficiency?

Many enterprises are embracing Open source software (OSS) at a fast pace, but do such software solutions match up against enterprises' internal applications when it comes to security, robustness, maintainability, and efficiency?

Candy bar security posture leaves enterprises soft on the inside

71 percent of hackers say they can breach the perimeter of a target within 10 hours, and 100 percent within 15, according to the latest 'Black Report' from Nuix, surveying hacker methods and motivation.

Protecting against crypto-mining deserialisation attacks

One of the vulnerabilities that hackers have recently taken advantage of is insecure deserialisation. While insecure deserialisation is not the only method hackers use to install crypto mining malware, its use has significantly increased.

Microsoft remote assistance tool threat patched, danger remains

Microsoft has just patched a vulnerability in the primary tool the company uses to help provide remote assistance to its users, but until all devices are updated there is still some danger.

AMD update addresses critical vulnerabilities, says flaws not so severe

Advanced Micro Devices (AMD) will release firmware patches and a BIOS update to fix the chipset vulnerabilities exposed by researchers earlier this month but the firm says the flaws aren't as severe as they've been portrayed.

15-year-old finds vulnerability in Ledger cryptowallets

A 15-year-old security researcher discovered a serious flaw in Ledger cryptocurrency wallets that would allow an attacker to siphon the device's private key and drain a user's cryptocurrency account(s).

Microsoft launches $250,000 bug bounty for Spectre/Meltdown-like flaws

Microsoft has kicked off a bug bounty programme that could bring in between US$ 25,000 and US$ 250,000 (£17,800 to £178,000) to anyone able to find vulnerabilities similar to the now infamous Spectre and Meltdown.

SAP NetWeaver CRM flaws could lead to information disclosure

Security researchers have warned that SAP CRM software has a couple of vulnerabilities that could be combined to compromise user data - the flaw is about as "bad as it gets".

In security, free isn't always easy

If you can't dedicate the time to meet your free tool halfway, then it may be best to look to an alternative solution.

Windows 10 Cortana allows attackers to open malicious websites

A vulnerability in the Windows 10 voice assistant, Cortana, allows attackers to open malicious websites on a user's device even when a PC is locked.

The API vulnerabilities lurking in your architecture

As a security topic in its own right, API security and API vulnerabilities are still relatively unknown to most organisations and even many security professionals.

Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers

Security researchers report discovering several vulnerabilities and security lapses in Kaspersky Lab's my.kaspersky.com web portal, saying the flaws exposed users to potential session hijackings and account takeovers.

Cisco updates router firmware to prevent remote code execution, DoS attacks

Cisco Systems on Wednesday issued 20 security updates, notably patching a critical vulnerability in two router products that could result in remote code execution or a denial of service condition.

Financial services need to get back to cyber-security basics

The issue with manual patching is that it is very time consuming and vulnerabilities can be missed due to human error. Organisations can combat these issues by delegating the task to technology.

Researchers: Security of messaging apps breaks down during group chats

Vulnerabilities in the group communication protocols of three encrypted messaging apps - WhatsApp, Signal, and Threema - could allow attackers to willfully subvert their integrity and confidentiality.

Mobile SCADA application landscape less secure than in 2015

The latest research suggests that, within just two years, the security situation for SCADA has got worse, to the tune of an average increase of 1.6 vulnerabilities per application tested.

'Locky' ransomware exploits Windows DDE weakness

Microsoft has said it will continue to support and not remove DDE as an Office document feature despite its acting as a highly effective exploit method for cyber-criminals.

Meltdown and Spectre - vulnerabilities to watch (and fix)

Almost all iPhones and Macs are at risk from Spectre chip security flaw according to industry reports.

Time to wake up to API security, the overlooked vulnerability

API vulnerabilities are the sleeping giant of our technology-led world. The threats posed by an exposed API are significant, yet they remain the most overlooked threat to information security today, says Jason Macy.

VMware fixes bugs in vCenter Service Appliance, three hypervisors

VMware on Tuesday patched a series of vulnerabilities in its ESXI, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.

123 million sensitive PII records exposed, most US households hit

A cloud-based data repository belonging to Alteryx has publicly exposed datasets from the data analytics firm's partner Experian and the US Census Bureau containing sensitive personal information on 123 million Americans.

Why companies should employ ethical hackers

Hiring a white hat hacker to find your system vulnerabilities and fix them before the bad guys find and exploit them is a recommended method of strengthening defences, says Krishna Rungta.

Retailers still in need of data breach response plan

A recent survey showed that surprisingly, a large percentage of retailers still have no data breach response plan in place.

Market-leading security products broken by Doppelganging attack

The new Doppelganging process memory attack methodology not only defeats market-leading security products but also breathes new life into old threats at the same time.

Security flaw puts 10 million banking app users at risk

A vulnerability could enable hackers to carry out MitM attacks on banking apps, putting 10 million users at risk.

MailSploit bugs let spoofed emails bypass DMARC, spam detectors

A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms.

Alleged HBO hacker, two others possibly linked to Iranian APT group

Researchers with ClearSky Cyber Security believe with medium-level confidence that they've linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking HBO.

Researchers call bull on Dirty Cow Patch, find flaw

Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches addressing multiple vulnerabilities in its WebEx Recording Format and Advanced Recording Format Players.

Firefox tests in-browser breached site notifications

Firefox is testing out a warning system that will notify users when they visit breached sites and offer the option to be notified if a site they previously visited becomes breached in the future.