vulnerability
Apple issues security updates for macOS, iDevices
It’s time to patch your Mac, iDevices and software again: Apple has released security updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, …
Stealing Windows credentials using Google Chrome
Attacks that leak authentication credentials using the SMB file sharing protocol on Windows OS are an ever-present issue, exploited in various ways but usually limited to …
HP pushes out fix for keylogging audio driver in its laptops
Swiss security consultancy Modzero revealed on Thursday that a number of HP laptops contain an audio driver that logs users’ keystrokes and stores them in an unencrypted …
40 Asus RT routers open to attack through web interface vulnerabilities
If you own an Asus RT wireless router, and you haven’t updated its firmware for a while, now is the time to do it. Researchers from Nightwatch Cybersecurity have …
Defeating Magento security mechanisms: Attacks used in the real world
DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in …
Google found over 1,000 bugs in 47 open source projects
In the last five months, Google’s OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it’s ready to integrate even more of …
Microsoft plugs crazy bad bug with emergency patch
On Monday night, Microsoft released a critical out-of-band security update for the Microsoft Malware Protection Engine, to plug an easily exploitable bug that could allow …
Bondnet botnet goes after vulnerable Windows servers
A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, “earning” him around $1,000 per day. …
Critical RCE flaw in ATM security software found
Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions. The …
WordPress admins, take note: RCE and password reset vulnerabilities revealed
Independent security researcher Dawid Golunski has released a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 …
Attackers exploited SS7 flaws to empty Germans’ bank accounts
Cyber criminals have started exploiting a long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their …
SquirrelMail opens users to remote code execution
Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers. “If the …