vulnerability

Bug poachers target businesses, demand money for bug info
Businesses are being hit with an extortion attempt based on attackers penetrating their network or websites and stealing corporate or user data. The attackers don’t say …

Twitter paid out $322,420 in bug bounties
Researchers have proven that bug bounties are a cheaper way for discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many …

Check Point finds dangerous vulnerabilities in LG mobile devices
Check Point found two vulnerabilities which can be used to elevate privileges on LG mobile devices to attack them remotely. These vulnerabilities are unique to LG devices, …

ICS-CERT warns about vulnerable SCADA system that can’t be updated
A web-based SCADA system deployed mainly in the US energy sector sports vulnerabilities that may allow attackers to perform configuration changes and administrative operations …

Faulty TLS implementation opens VISA sites, users to attack
A group of researchers has discovered 184 HTTPS servers that are wide open to attackers looking to inject seemingly valid content into encrypted sessions. Some of these …

WPAD name collision bug opens door for MitM attackers
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to …

Almost all Android users vulnerable to Accessibility Clickjacking attacks
Symantec researchers recently posited that Android banking malware with screen overlay capabilities might soon start tricking users into turning on Android’s Accessibility …

Bug in Symantec’s anti-virus engine can lead to system compromise
Google Project Zero researcher Tavis Ormandy has unearthed a critical remote code execution vulnerability in the anti-virus engine powering Symantec’s endpoint security …

Latest Flash 0day exploit delivered via booby-trapped Office file
Four days have passed since Adobe patched the latest Flash Player 0day vulnerability exploited in attacks in the wild and, in the meantime, we have been given more details …

Mozilla fights in court to get info about potential Firefox flaw
Mozilla has asked a Washington State District Court to compel FBI investigators to provide details about a vulnerability in the Tor Browser with them before they share it with …

SAP vulnerability exploited to compromise enterprises worldwide
A SAP vulnerability, patched over five years ago, is being leveraged to exploit SAP systems of many large-scale global enterprises, US-CERT warns. At least 36 organizations in …

Internet of Fail: How modern devices expose our lives
Should you sync your family’s calendar to your refrigerator or have it display photos? Samsung believes you should. They also think you need cameras that display the …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act