vulnerability
Hack the Pentagon: Hackers asked to help secure public-facing systems
The US Department of Defense (DoD) has invited hackers participate in “Hack the Pentagon”, a program aimed at finding vulnerabilities in some of the …
Weak default credentials, command injection bug found in building operation software
A vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software can be exploited by a low-skilled, remote attacker to gain access to …
DROWN attack breaks TLS encryption, one-third of all HTTPS servers vulnerable
There’s a new attack that breaks the communication encryption provided by SSL and TLS and can therefore lead to theft of extremely sensitive data exchanged between users …
Can poorly designed embedded devices kill?
The industry is not taking safety and security seriously enough, according to the Barr Group, who conducted a survey to better understand the state of safety- and …
Insecure APIs allow anyone to mess with Nissan LEAF electric car
A vulnerability in the mobile app used to interact with Nissan LEAF, a popular electric car, can be exploited by remote, unauthenticated attackers to switch the car’s AC …
Sensitive child profiles, private messages exposed online
Security researcher Chris Vickery has discovered another database containing sensitive user data exposed online (i.e. accessible via Internet). Leveraging Shodan, he unearthed …
E-commerce web apps vulnerable to hijacking, database compromise
High-Tech Bridge researchers have published details and PoC exploit code for several serious vulnerabilities in Osclass, osCmax, and osCommerce, three popular open source …
Why a single point of failure should be your primary concern
Many organizations are transitioning to digital systems, which has increased the dependency on cloud service providers, web hosting platforms, and other external services. …
Critical Glibc flaw opens Linux distros, other software and devices to compromise
A critical bug has been found to open an unimaginable number of computers, networking and other connected devices to attacks that can result in complete system compromise. …
Year-old critical Magento flaw still exploited, payment info stolen
A whole year has passed since a critical e-shop hijacking flaw in the Magento CMS has been patched, but the vulnerability is still being exploited in attacks in the wild, …
Critical bug found in Cisco ASA products, attackers are scanning for affected devices
Several Cisco Adaptive Security Appliance (ASA) products – appliances, firewalls, switches, routers, and security modules – have been found sporting a flaw that …
Flaw in Sparkle Updater for Mac opens users of popular apps to system compromise
A security engineer has recently discovered a serious vulnerability in Sparkle, the widely used open source software update framework for Mac applications, that could be …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act