vulnerability
Vulnerability in GnuPG allowed digital signature spoofing for decades
A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected …
Researcher hacks smart fingerprint padlock in mere seconds
The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a …
Fooling security tools into believing malicious code was signed by Apple
The way developers of third-party security tools use the Apple code signing API could be exploited by attackers to make malicious code linger undetected on Macs, a security …
VMware plugs RCE hole in remote management agent
VMware has fixed a critical remote code execution vulnerability in VMware AirWatch Agent for Android and Windows Mobile, and is urging users to upgrade to the newest versions …
Adobe releases fix for actively exploited Flash Player zero-day
If you’re still using Flash Player, it’s time to update it again – and quickly: Adobe has just patched a critical zero day vulnerability (CVE-2018-5002) …
Vulnerable ship systems: Many left exposed to hacking
Pen Test Partners’ Ken Munro and his colleagues – some of which are former ship crew members who really understand bridge and propulsion systems – have been …
Zip Slip vulnerability affects thousands of projects
An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …
Quantifying cyber exposure: Attackers are racing ahead
Cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims, potentially siphoning sensitive data, …
New Spectre-like flaw found in CPUs using speculative execution
A new flaw that can allow an attacker to obtain access to sensitive information on affected systems has been discovered in modern CPUs. CVE-2018-3639, discovered by …
The percentage of open source code in proprietary apps is rising
The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging …
The pace of vulnerability disclosure shows no signs of slowing
Unless the pace of vulnerability disclosure slows down in the coming quarters, we are looking at yet another record-breaking year, according to Risk Based Security’s …
SAP systems: The threat of insecure configurations
Onapsis researchers revealed a critical security configuration vulnerability that results from default installations in SAP systems which if left insecure, could lead to a …