SSH backdoor found in more Fortinet devices, exploit attempts spotted in the wild

In case you missed it, Fortinet announced last week that the recently discovered FortiOS SSH backdoor – or, as they call it, “a management authentication …

Magento plugs XSS holes that can lead to e-store hijacking, patch immediately!

Last week, Magento released a very important bundle of patches for their eponymous e-commerce platform that should be implemented as soon as possible. The bundle plugs a …

“Deliberately hidden” backdoor found on US government’s comms system

Researchers from Austrian infosec outfit SEC Consult have unearthed what they dubbed a “deliberately hidden backdoor account” in NX-1200, a network controller …

Old, unpatched flaws exploited to achieve control of Windows systems, networks

Foxglove Security researcher Stephen Breen has demonstrated that you don’t need to exploit a 0-day or even a recently discovered vulnerability to gain the highest level …

0-day in Linux kernel endangers Linux servers, Android devices

A serious and pretty longstanding flaw in the Linux kernel has been recently discovered by researchers from infosec outfit Perception Point. The vulnerability (CVE-2016-0728) …

Intel patches MiTM flaw in its Driver Update Utility

Intel has fixed a remotely exploitable vulnerability (CVE-2016-1493) in the Intel Driver Update Utility which could be used by a man-in-the-middle attacker to corrupt …

Good practice guide on disclosing vulnerabilities

ENISA published a good practice guide on vulnerability disclosure, aiming to provide a picture of the challenges the security researchers, the vendors and other involved …

LostPass: A worryingly simple phishing attack aimed at LastPass users

Security researcher (and Praesidio CTO) Sean Cassidy has demonstrated at ShmooCon how easy it can be for hackers to steal LastPass users’ email, password, and two-factor …

OS X’s Gatekeeper bypassed again

Do you remember when, last October, Synack director of research Patrick Wardle found a simple way to evade OS X’s Gatekeeper defense mechanism by bundling up a …

Flaw allows malicious OpenSSH servers to steal users’ private SSH keys

Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by …

Cheap web cams can open permanent, difficult-to-spot backdoors into networks

They might seem small and relatively insignificant, but cheap wireless web cams deployed in houses and offices (and connected to home and office networks) might just be the …

Cisco kills hardcoded password bug in Wi-Fi access points

Along with fixes for a number of older vulnerabilities in Cisco IOS and IOS XE software, the Cisco IOS Software Common Industrial Protocol, and the OpenSSL package …
