vulnerability
0-day in Linux kernel endangers Linux servers, Android devices
A serious and pretty longstanding flaw in the Linux kernel has been recently discovered by researchers from infosec outfit Perception Point. The vulnerability (CVE-2016-0728) …
Intel patches MiTM flaw in its Driver Update Utility
Intel has fixed a remotely exploitable vulnerability (CVE-2016-1493) in the Intel Driver Update Utility which could be used by a man-in-the-middle attacker to corrupt …
Good practice guide on disclosing vulnerabilities
ENISA published a good practice guide on vulnerability disclosure, aiming to provide a picture of the challenges the security researchers, the vendors and other involved …
LostPass: A worryingly simple phishing attack aimed at LastPass users
Security researcher (and Praesido CTO) Sean Cassidy has demonstrated at ShmooCon how easy it can be for hackers to steal LastPass users’ email, password, and two-factor …
OS X’s Gatekeeper bypassed again
Do you remember when, last October, Synack director of research Patrick Wardle found a simple way to evade OS X’s Gatekeeper defense mechanism by bundling up a …
Flaw allows malicious OpenSSH servers to steal users’ private SSH keys
Qualys researchers have discovered two vulnerabilities in the popular OpenSSH implementation of the secure shell protocol, one of which (CVE-2016-0777) could be exploited by …
Cheap web cams can open permanent, difficult-to-spot backdoors into networks
They might seems small and relatively insignificant, but cheap wireless web cams deployed in houses and offices (and connected to home and office networks) might just be the …
Cisco kills hardcoded password bug in Wi-Fi access points
Along with fixes for a number of older vulnerabilities in Cisco IOS and IOS XE software, the Cisco IOS Software Common Industrial Protocol, and the OpenSSL package …
Your smartwatch can give away your payment card’s PIN code
Smartwatches can be a perfectly useful and handy wearable device for some users, but it’s good to keep in mind that using them might mean opening yourself to an …
Fortinet says backdoor found in FortiOS is “a management authentication issue”
Fortinet, the company whose enterprise network security offerings include the popular FortiGate firewall platform, has issued a statement regarding a security issue that has …
Google researchers finds critical flaws in Trend Micro AV solution
If you are using Trend Micro’s Maximum Security 10 solution for Windows, you might want to update it to the latest available version as soon as possible. If you …
Drupal moves to fix flaws in update process
After IOActive researcher Fernando Arnaboldi publicly revealed three crucial vulnerabilities in Drupal’s update process last Thursday, the Drupal Security Team published …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act