vulnerability
Four high-profile vulnerabilities in HTTP/2 revealed
Imperva released a new report at Black Hat USA 2016, which documents four high-profile vulnerabilities researchers at the Imperva Defense Center found in HTTP/2, the new …
Kaspersky Safe Browser iOS app sports MITM SSL certificate bug
Security researcher David Coomber has unearthed a vulnerability (CVE-2016-6231) in the Kaspersky Safe Browser iOS app that effectively contradicts its name. As it turns out, …
Intel Crosswalk bug invalidates SSL protection
A bug in the Intel Crosswalk Project library for cross-platform mobile development can open users to man-in-the-middle attacks, researchers from Nightwatch Cybersecurity have …
Osram’s intelligent home lighting system is riddled with flaws
“Intelligent” home lighting system Osram Lightify sports a number of security vulnerabilities, some of which could lead to compromise of the product and the …
LastPass zero-day can lead to account compromise
A zero-day flaw in the popular password manager LastPass can be triggered by users visiting a malicious site, allowing attackers to compromise the users’s account and …
Low-cost wireless keyboards open to keystroke sniffing and injection attacks
Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, …
50+ vulnerabilities found in popular home gateway modems/routers
Researcher Gergely Eberhardt with Hungarian security testing outfit SEARCH Laboratory has unearthed over fifty vulnerabilities in five home gateway modems/routers used by …
Amazon Silk browser removes Google’s default encryption
Google’s good intentions of keeping searches made via its search engine protected through default encryption have been stymied by Amazon. A bug in the Amazon Silk …
Critical holes in Micro Focus Filr found, plugged
Popular enterprise file management and collaborative file sharing solution Micro Focus Filr sports half a dozen security flaws, most of which can be exploited – either …
Warframe, Clash of Kings players’ info stolen after forum hacks
Two new website hack/ user data theft combos have been revealed last week, and the victims are players of popular mobile real time strategy game Clash of Kings and online …
Dell SonicWALL GMS comes with hidden default account
While developing new audit modules for the company’s vulnerability scanning technology, Digital Defense researchers found six vulnerabilities in Dell’s SonicWALL …
Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk
Onapsis released new security advisories detailing vulnerabilities in SAP HANA and SAP Trex. Included in the advisories is a critical risk vulnerability that could be used to …