Vulnerabilities News, Articles and Updates

Securing the vulnerabilities of remotely working

CIOs and security professionals need to ensure that company security policies are established and enforced, whether employees access company sensitive data from home offices, public Wi-Fi networks or hotels says Gerald Beuchelt.

UK University fails to learn - UEA, a data breach repeat offender

The UEA has suffered another data breach; an email was sent to about 300 students in the social science faculty which included the personal health information of a member of staff, in a repeat use of a flaw not fixed previously.

Artificial intelligence can fool Captcha security more than half the time

Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.

20% of Manchester police computers at risk of ransomware - using XP

Some 20 percent of Greater Manchester Police's computers are at risk of a ransomware hack due to still running Windows XP, according to research from

Hiding in plain sight - attacks via trusted entry routes such as updates

Sophisticated attackers will subvert trusted suppliers of executable code such as software updates, consequently, Martin Lee says that a sophisticated response is required.

Flaw in LinkedIn Messenger could harbour malware

Millions could have been exposed to malware bug in LinkedIn Messenger

How secure is your localhost domain? Hint - it may not be what it says

According to the t-shirt 'There's no place like' but just how secure is this particular home? And should recommendations become instructions to end ambiguity?

npm removes malicious JavaScript packages caught stealing data

Malware-spiked packages designed to steal environment variables upon installation found and removed by the developers of the JavaScript programming language package manager "npm"

What lies beneath? - Tackling the threat of BIOS attacks

Attackers are always on the lookout for new vectors and unmonitored devices are attractive targets; Paul McKiernan warns, ensure that a security stack covers every attack vector - below the OS, in the OS and above the OS.

Linux file manager flaw leaves security "Bad Taste"

The vulnerability could execute malicious Windows scripts in Linux.

Multiple vulnerabilities found in connected IoT home security device

Popular IoT home security device could allow hackers to turn burglar alarms on and off and switch on siren, says researcher who dissected it.

EMC products hit by multiple vulnerabilities including SQL injection

Multiple SQL injection flaws in EMC products could allow hackers to gain web access and take information from applications.

SQL injection vulnerability found in popular WordPpress plug in, again

Security researchers have found yet another SQL injection vulnerability in a WordPress plugin.

After the WannaCry ransomware campaign, why aren't people patching?

A massive ransomware campaign attacked countless endpoints for the second time in just over a month, exploiting a vulnerability that had been patched months earlier. SC asks, why does this keep happening?

Gridlocked: Aussie speed cameras infected with WannaCry ransomware

In the latest episode in the WannaCry saga, the infamous piece of ransomware has locked up dozens of speed cameras in the south eastern region of Victoria.

NSA Double Pulsar malware found mining monero for malicious miscreants

Yet another case of cyber-criminals using NSA hacking tools has emerged, this time leveraged to mine crypto-currency.

Cyber due-diligence now forms an essential part of M&A planning

As cyber-concerns make their way up the boardroom agenda, companies involved in mergers and acquisitions are increasingly conducting cyber due-diligence.

'Doubleswitch' campaign targeting activists via social media

In a new campaign, attackers are locking out activists from their social media accounts.

Vault 7: WikiLeaks dumps reveal CIA's use of home router exploits

The latest WikiLeaks dump shows off the CIA's exploitation of vulnerabilities in internet routers.

Virgin Media routers contain vulnerability which allows admin access

Security researchers have found that the encryption key used for custom configurations of Virgin Media broadband routers is the same for all hubs across the UK.

UK's Privacy watchdog Heartbleeds Gloucester City council for £100k

Gloucester City Council must pay £100,000 to the Information Commissioner after it fell victim to the HeartBleed vulnerability, months after it had been patched.

Hackers use EternalBlue exploit to distribute non-WannaCry payloads

An exploit used to propagate WannaCry is now being used to deliver other malware.

Is the wildly popular WordPress a conduit to compromise?

Is the world's most popular content management system riddled with holes, exploits and vulnerabilities? and what can be done to change that? SC's Davey Winder reports...

Remote code execution bug that could have global impact patched by Samba

The developers of the free, open-source Samba suite of SMB/CFIS-based interoperability applications for *NIX machines issued an important patch on Wednesday, following the discovery of a remote code execution vulnerability.

The incredible story of third-Party script dangers - & how to stop them

Hadar Blutrich discusses some of the common ways of handling malware distribution through ads and suggests 'next generation sandboxes' around websites might be able to reduce of these risks.

Iris scanner of Samsung Galaxy S8 hacked with simple cheat

The German Chaos Computer Club (CCC) hackers has found a way to cheat the biometric verification safety feature found on the Samsung Galaxy S8

Bug in Google Chrome could enable hackers to steal Windows credentials

A recently discovered flaw in Google Chrome could allow cyber-criminals to steal windows credentials, infect victims with malware and allow SMB relay attacks, according to security engineer Bosko Stankovic.

Threat intelligence - tell me everything, but only what I need to know

Mark Kedgley discusses the concept of alert fatigue and the need for forensic level, real-time integrity change monitoring, combined with blacklist/whitelist based analysis for breach detection.