vulnerability
Custom code accounts for 93% of application vulnerabilities
Although third-party software libraries represent a majority of an application’s code, they account for less than seven percent of application vulnerabilities. Typically, …
Apple patches critical Broadpwn vulnerability in its various OSes
Apple has released security updates for iOS, macOS (Sierra, El Capitan, and Yosemite), Safari, iCloud, iTunes, watchOS and tvOS. As per usual, the same fixed Webkit flaws …
Hacker grabs $30 million in ether through Parity multisig wallet flaw
Another day, another cryptocurrency heist: this time, the attacker has stolen some $30 million in ether (ETH – value token of the Ethereum blockchain) from a number of …
Exploitable gSOAP flaw exposes thousands of IoT devices to attack
Researchers have unearthed a serious vulnerability in gSOAP, an open source, third-party code library used by thousands of IoT by many different manufacturers. Senrio Labs …
Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter
New IOActive research exposes critical security vulnerabilities found in the Segway miniPRO electric scooter. If exploited, an attacker could bypass safety systems and …
Attackers are taking over NAS devices via SambaCry flaw
A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures (MIPS, ARM, PowerPC, etc.), Trend Micro …
EternalBlue vulnerability scanner statistics reveal there are exposed hosts worldwide
After the recent massive WannaCry ransomware campaign, Elad Erez, Director of Innovation at Imperva, was shocked at the number of systems that still sported the Microsoft …
Why Kodi boxes can pose a serious malware threat
When new streaming devices, such as the Amazon Firestick and Apple TV, were first introduced, many were intrigued by the ease by which they could watch “over the …
Azure AD Connect vulnerability allows attackers to reset admin passwords
A vulnerability in Azure AD Connect could be exploited by attackers to reset passwords and gain unauthorized access to on-premises AD privileged user accounts, Microsoft …
Google researcher uncovers another RCE in Microsoft Malware Protection Engine
Google Project Zero researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine, which …
Stack Clash bug could give root privileges to attackers on Unix, Linux systems
Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to …
Foscam IP cameras riddled with gaping security holes
F-Secure researchers have discovered a bucketload of serious security vulnerabilities affecting IP cameras made by Chinese manufacturer Foscam. Even though notified months …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act