vulnerability
Cisco UCS servers can be hijacked with malicious HTTP request
A data center server platform running Cisco’s Unified Computing System (UCS) Central Software can be compromised by unauthenticated, remote attackers with a single, …
Samsung Galaxy devices can be made to make calls, send messages while locked
Half a dozen (and possibly even more) Samsung Galaxy phones can be made to place phone calls or send text messages even when they are locked, thanks to exposed USB modems. …
Microsoft patches Badlock, but doesn’t call it critical
Microsoft just released several security bulletins, with six marked as critical and seven categorized as important. The biggest surprise (or disguise) came in the patch marked …
Bug in OS X Messages client exposes messages, attachments
When Apple pushed out security updates for its many products in March, much attention was given to a zero-day bug discovered by a team of Johns Hopkins University …
Google’s poor design decision undermines 2FA protection
A design decision by Google can be exploited by attackers to gain control of both devices needed to access users’ accounts protected via SMS-based 2-factor …
Researchers release PoC exploit for broken IBM Java patch
Polish firm Security Explorations has had enough of broken patches for security vulnerabilities it has reported to vendors. On Monday, the company’s CEO Adam Gowdiak has …
Microsoft plugs online services account hijacking vulnerability
London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for …
Update your ManageEngine Password Manager Pro ASAP!
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), password management software for …
US passport and visa database open to intrusion?
The Consular Consolidated Database (CCD), which contains over 290 million passport-related records, 184 million visa records, and 25 million records on US citizens living …
PHP, Python still fail to spot revoked TLS certificates
In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: …
Flaw in HID door controllers lets attackers unlock doors, deactivate alarms
Trend Micro researcher Ricky Lawshae has unearthed a critical vulnerability in HID’s VertX and Edge door controllers. Exploiting the flaw is easy, and could result in …
SideStepper vulnerability can be used to install malicious apps on iOS
Check Point researchers have identified SideStepper, a vulnerability that can be used to install malicious apps on iPhones and iPads to steal login credentials and sensitive …