Vulnerabilities News, Articles and Updates

Linux file manager flaw leaves security "Bad Taste"

The vulnerability could execute malicious Windows scripts in Linux.

Multiple vulnerabilities found in connected IoT home security device

Popular IoT home security device could allow hackers to turn burglar alarms on and off and switch on siren, says researcher who dissected it.

EMC products hit by multiple vulnerabilities including SQL injection

Multiple SQL injection flaws in EMC products could allow hackers to gain web access and take information from applications.

SQL injection vulnerability found in popular WordPress plugin, again

Security researchers have found yet another SQL injection vulnerability in a WordPress plugin.

After the WannaCry ransomware campaign, why aren't people patching?

A massive ransomware campaign attacked countless endpoints for the second time in just over a month, exploiting a vulnerability that had been patched months earlier. SC asks, why does this keep happening?

Gridlocked: Aussie speed cameras infected with WannaCry ransomware

In the latest episode in the WannaCry saga, the infamous piece of ransomware has locked up dozens of speed cameras in the south eastern region of Victoria.

NSA Double Pulsar malware found mining Monero for malicious miscreants

Yet another case of cyber-criminals using NSA hacking tools has emerged, this time leveraged to mine crypto-currency.

Cyber due-diligence now forms an essential part of M&A planning

As cyber-concerns make their way up the boardroom agenda, companies involved in mergers and acquisitions are increasingly conducting cyber due-diligence.

'Doubleswitch' campaign targeting activists via social media

In a new campaign, attackers are locking out activists from their social media accounts.

Vault 7: WikiLeaks dumps reveal CIA's use of home router exploits

The latest WikiLeaks dump shows off the CIA's exploitation of vulnerabilities in internet routers.

Virgin Media routers contain vulnerability which allows admin access

Security researchers have found that the encryption key used for custom configurations of Virgin Media broadband routers is the same for all hubs across the UK.

UK's privacy watchdog Heartbleeds Gloucester City Council for £100k

Gloucester City Council must pay £100,000 to the Information Commissioner after it fell victim to the Heartbleed vulnerability, months after it had been patched.

Hackers use EternalBlue exploit to distribute non-WannaCry payloads

An exploit used to propagate WannaCry is now being used to deliver other malware.

Is the wildly popular WordPress a conduit to compromise?

Is the world's most popular content management system riddled with holes, exploits and vulnerabilities? And what can be done to change that? SC's Davey Winder reports...

Remote code execution bug that could have global impact patched by Samba

The developers of the free, open-source Samba suite of SMB/CIFS-based interoperability applications for *NIX machines issued an important patch on Wednesday, following the discovery of a remote code execution vulnerability.

The incredible story of third-party script dangers - & how to stop them

Hadar Blutrich discusses some of the common ways of handling malware distribution through ads and suggests 'next generation sandboxes' around websites might be able to reduce these risks.

Iris scanner of Samsung Galaxy S8 hacked with simple cheat

Hackers from the German Chaos Computer Club (CCC) have found a way to cheat the biometric verification safety feature found on the Samsung Galaxy S8.

Bug in Google Chrome could enable hackers to steal Windows credentials

A recently discovered flaw in Google Chrome could allow cyber-criminals to steal Windows credentials, infect victims with malware and allow SMB relay attacks, according to security engineer Bosko Stankovic.

Threat intelligence - tell me everything, but only what I need to know

Mark Kedgley discusses the concept of alert fatigue and the need for forensic level, real-time integrity change monitoring, combined with blacklist/whitelist based analysis for breach detection.

Other side of the tracks - spotting intruders on the rail network

SC's Tony Morbin visited Arriva Trains Wales in its Cardiff office to find out how the Welsh trains company was tackling attacks on its network.

Hackers plunder bank accounts via SS7 TFA flaw - risk known 'for years'

O2 has admitted that thieves exploited flaws in SS7 to steal money from victims' bank accounts.

Security & CT Expo: vehicle security "like shooting fish in a barrel"

Cars are soft targets for hackers. With the right resources and skills it is relatively straightforward to exploit vehicles' vulnerabilities.

The chaos that lies behind the multitude of IoT operating systems

Mark Weir discusses why a multitude of operating systems is bad news for the safety of the internet, hence the need for the public to demand standardising of OS use.

It's not paranoia if they really are out to get you... the case for SDDC

David Cohen explores the view that, in 2017, layering is the most effective cyber-security strategy and how becoming an expert at reading data patterns is an integral part of securing the data centre.

Preventing Skynet: Securing robotic and IoT devices

Unsecure Internet of Things (IoT) devices and the increasing use of automation are leading to vulnerable robotic devices, robots if you will, that, if compromised by a hacker, could inflict physical harm on humans, not to mention opening up the device and possibly compromising all types of personal information.

Skype bug allows hackers to execute arbitrary code on victim's machine

Security researchers have discovered a flaw in Skype that could enable hackers to run code on a target system, phish for credentials and crash applications.

Has this new Black Duck report sunk Linus's Law once and for all?

Black Duck's new report showcasing widespread vulnerabilities in open source software challenges the widely and tightly held belief in Linus' law.

Security vulnerabilities found in select Linksys router models

Security researchers uncover 10 separate issues making thousands of popular Wi-Fi routers susceptible to attack.