vulnerability
Easily exploitable Apache Struts vulnerability opens businesses to attack
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. …
Hackers stole contact info of 6 million Instagram users and are selling it online
Last week, Instagram pushed out a patch for a bug in the service’s API that allowed attackers to discover users’ email address and/or phone number. Facebook-owned …
Advantech fixes serious vulns in WebAccess HMI/SCADA software
Advantech has plugged nine security holes in WebAccess and has urged users to upgrade the software as soon as possible. Advantech WebAccess is a web browser-based software …
Cisco unveils LabVIEW code execution flaw that won’t be patched
LabVIEW, the widely used system design and development platform developed by National Instruments, sports a memory corruption vulnerability that could lead to code execution. …
Researchers figured out how to disable the Intel ME controller on Intel chipsets
Researchers have discovered that Intel Management Engine (Intel ME) 11, a dedicated (and non-optional) microcontroller integrated into all Intel chipsets, can be disabled …
Hacked robots can be a deadly insider threat
IOActive researchers have probed the security of a number of humanoid home and business robots as well industrial collaborative robots, and have found it seriously wanting. A …
Two Foxit Reader RCE zero-day vulnerabilities disclosed
Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one …
Google Chrome remote code execution flaw detailed, PoC released
Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] …
Researchers pull off DNA-based malicious code injection attack
Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a …
PACER vulnerability allowed hackers to access legal docs while sticking others with the bill
A CSRF flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged. What is PACER? …
Microsoft fixes 25 critical issues in August Patch Tuesday
The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be …
Siemens CT scanners open to remote compromise via publicly available exploits
Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand. …