vulnerability

ICS-CERT warns about vulnerable SCADA system that can’t be updated
A web-based SCADA system deployed mainly in the US energy sector sports vulnerabilities that may allow attackers to perform configuration changes and administrative operations …

Faulty TLS implementation opens VISA sites, users to attack
A group of researchers has discovered 184 HTTPS servers that are wide open to attackers looking to inject seemingly valid content into encrypted sessions. Some of these …

WPAD name collision bug opens door for MitM attackers
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to …

Almost all Android users vulnerable to Accessibility Clickjacking attacks
Symantec researchers recently posited that Android banking malware with screen overlay capabilities might soon start tricking users into turning on Android’s Accessibility …

Bug in Symantec’s anti-virus engine can lead to system compromise
Google Project Zero researcher Tavis Ormandy has unearthed a critical remote code execution vulnerability in the anti-virus engine powering Symantec’s endpoint security …

Latest Flash 0day exploit delivered via booby-trapped Office file
Four days have passed since Adobe patched the latest Flash Player 0day vulnerability exploited in attacks in the wild and, in the meantime, we have been given more details …

Mozilla fights in court to get info about potential Firefox flaw
Mozilla has asked a Washington State District Court to compel FBI investigators to provide details about a vulnerability in the Tor Browser with them before they share it with …

SAP vulnerability exploited to compromise enterprises worldwide
A SAP vulnerability, patched over five years ago, is being leveraged to exploit SAP systems of many large-scale global enterprises, US-CERT warns. At least 36 organizations in …

Internet of Fail: How modern devices expose our lives
Should you sync your family’s calendar to your refrigerator or have it display photos? Samsung believes you should. They also think you need cameras that display the …

Web servers and sites under attack via ImageMagick zero-day flaw
A zero-day remote code execution flaw has been found in ImageMagick, an image processing library that allows image uploads from untrusted users (site visitors) and is widely …

Samsung’s smart home platform flaws let attackers fiddle with your doors
Researchers have managed to exploit design flaws in the Samsung SmartThings smart home programming platform and successfully mount a series of attacks that could result in …

Facebook vulnerability allowed access to personal and payment information
Bitdefender has discovered a significant vulnerability within Facebook which allowed access to any user account through simple social login manipulation. The attacker was able …