Vulnerabilities

Vulnerabilities Discovered in Mobile Bootloaders of Major Vendors

Android bootloader components from five major chipset vendors are affected by vulnerabilities that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks. The vulnerabilities came to light during research carried out by a team of nine computer scientists from the University of California, Santa Barbara. Researchers developed BootStomp to analyze […]

An Instagram hack hit millions of accounts, and victims’ phone numbers are now for sale

A bug that exposed users’ contact information affected a far greater number of accounts than Instagram originally said. The bug, which appears to have been responsible for Selena Gomez’s account being hacked this week, allowed hackers to scrape email addresses and contact information for millions of accounts, Instagram said today. (It has since been fixed.) While […]

Discovering a Session Hijacking Vulnerability in GitLab

GitLab is a widely used SaaS provider that focuses on developer-related issues, including Git repository management, issue tracking and code review. During a recent pen test of GitLab (I wanted to see whether the service was a good fit to use at Incapsula), I was surprised to come across a vulnerability that leaves users exposed […]

REFLECTED XSS BUG PATCHED IN POPULAR WOOCOMMERCE WORDPRESS PLUGIN

An extension of the WooCommerce WordPress plugin, used by 28 percent of all online stores, has been patched against a reflected cross-site scripting vulnerability. The vulnerability was found in the Product Vendors plugin, which allows an existing ecommerce site to support multiple vendors, products and payment options. Versions 2.0.35 and earlier are affected by this […]

How to buy MacBook for $1, or hacking SAP POS

SAP POS Xpress Server does not perform any authentication checks for critical functionality that requires user identity. As a result, administrative and other privileged functions can be accessed without any authentication procedure, allowing anyone who gets into the network to change prices or set discounts. The vulnerabilities were identified by ERPScan researchers and reported […]

Vulnerability Spotlight: Code Execution Vulnerability in LabVIEW

LabVIEW is a system design and development platform released by National Instruments. The software is widely used to create applications for data acquisition, instrument control and industrial automation. Talos is disclosing the presence of a code execution vulnerability which can be triggered by opening specially crafted VI files, the proprietary file format used by LabVIEW. […]

ziVA: Zimperium’s iOS Video Audio Kernel Exploit

For those of you who are not interested in iOS research and would like to protect themselves against these vulnerabilities, we urge you to update your iOS device to the latest version. Without an advanced mobile security and mitigation solution on the device (such as Zimperium zIPS), there’s little chance a user would notice any malicious […]

Metadata From IoT Traffic Exposes In-Home User Activity

Metadata from web traffic generated by smart devices installed in a home can reveal quite a lot of information about the owner’s habits and lifestyle. According to research published this month by experts from Princeton University, a determined attacker with “capabilities similar to those of an ISP” can use passive network monitoring techniques to collect […]

Adobe Flash Player Bug that can Leak Windows User Credentials

Adobe published a new version of Flash Player in the middle of this week covering the security issue tracked as CVE-2017-3085, which affects all Windows platforms (Windows XP, Vista, 7, 8.x and 10). The flaw was identified by security researcher Ruytenberg and is derived from an older vulnerability (CVE-2016-4271) that Adobe patched in September 2016. […]

Roughly 175,000 Chinese Internet Connected security cameras can be easily hacked

According to a new report from security provider Bitdefender, an estimated 175,000 Internet of Things (IoT) connected security cameras manufactured by Shenzhen Neo Electronics are vulnerable to cyber attacks. The vulnerable cameras are manufactured by the Chinese company Shenzhen Neo Electronics, which offers surveillance and security solutions, […]

Security flaws affect TCUs used in BMW, Ford, Infiniti, and Nissan vehicles

Three security researchers have discovered security vulnerabilities in the telematics control unit (TCU) manufactured by Continental AG that is installed on various car models produced by BMW, Ford, Infiniti, and Nissan. The researchers are Mickey Shkatov, […]

Copyfish Chrome Extension Hijacked to Show Adware

On Friday, an unknown hacker hijacked the Copyfish Chrome extension from its original authors and pushed an update that inserted ads in people’s web pages. The hack took place because one of the Copyfish developers fell for a simple phishing trick and accessed a link in an email he thought he received from the Chrome team. In […]

BrickerBot Dev Claims Cyber-Attack That Affected Over 60,000 Indian Modems

EXCLUSIVE — The author of the BrickerBot malware has claimed a cyber-attack that took place in various Indian states and has caused over 60,000 modems and routers to lose Internet connectivity. The incident affected modems and routers belonging to Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL), two Indian state-owned telecommunications service […]

Virgin America Hacked, Employee Passwords and Personal Information Compromised

Airline confirms hack that took place on March 13. Virgin America has confirmed in a letter sent to employees that its network was compromised by hackers, with data belonging to thousands of workers compromised and possibly stolen by the attackers. While an investigation is already under way, the airline did not provide any specifics about the hackers, saying […]

ATTACK USES DOCKER CONTAINERS TO HIDE, PERSIST, PLANT MALWARE

LAS VEGAS—A novel attack vector allows adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof-of-concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher at Aqua Security. […]

Three Vendors Decline to Patch Vulnerabilities in Nuclear Radiation Monitors

Ruben Santamarta, a security researcher for IOActive, has found various vulnerabilities in nuclear radiation monitoring equipment from three vendors who, when contacted by the researcher, declined to fix the reported flaws, each for different reasons. The vulnerabilities were found in multiple product models sold by Digi, Ludlum, and Mirion. Vulnerabilities found in very critical equipment […]

Chinese Researchers Hack Tesla Model X in Impressive Video

Security researchers from Chinese security firm Tencent Keen Security Lab have found and helped fix several vulnerabilities in Tesla Model X cars that would have allowed an attacker to control the vehicle from a remote location. Keen Lab experts were able to control a stationary car’s lights, in-vehicle displays, and open its doors and trunk. […]

THE ‘CLOAK & DAGGER’ ATTACK THAT BEDEVILED ANDROID FOR MONTHS

Usually, vulnerabilities in software are accidents or mistakes—flaws that shouldn’t be there. But they can also stem from unintended consequences of features working the way they’re supposed to. Those problems prove difficult to resolve, especially if the potentially impacted feature has an important, legitimate use. That’s what happened with Cloak & Dagger, an attack that manipulates […]