vulnerability
Millions of smartphones, IoT devices risk compromise due to 3-year-old bug
Can you believe that an estimated 6.1 million smart phones, routers, and smart TVs are vulnerable to remote code execution attacks due to security bugs that have been fixed …
High-impact DoS flaw patched in Node.js, update as soon as possible
The Node.js Foundation has pushed out a patch for its eponymous open source, cross-platform runtime environment for developing server-side web applications. The fix plugs two …
Elasticsearch servers actively targeted by botmasters
Elasticsearch is one of the most popular choices when it comes to enterprise search engines.Unfortunately, a couple of remote code execution flaws (CVE-2015-5377, …
3G/4G cellular USB modems are full of critical security flaws, many 0-days
An analysis of popular 3G and 4G cellural USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them.The SCADA Strange Love team …
Flaws in medical data management system can be exploited to modify patient information
Two vulnerabilities found in v3.3 of Epiphany’s Cardio Server ECG Management System, a popular system that is used to centralize and manage patient data by healthcare …
Belkin’s N150 router sports multiple flaws, including default access credentials for telnet server
Belkin’s SOHO routers are not exactly a paragon of a secure device, so it shouldn’t come as a surprise that, once again, a security researcher has unearthed a …
Telegram Android app is a stalker’s dream
Popular instant messaging service Telegram provides optional end-to-end encrypted messaging and, in general, is highly focused on protecting user privacy.Despite these …
VPN protocol flaw allows attackers to discover users’ true IP address
The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited …
More than 900 embedded devices share hard-coded certs, SSH host keys
Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a …
Dell shipped computers with root CA cert, private crypto key included
All desktop and laptops shipped by Dell since August 2015 contain a root CA certificate (eDellRoot) complete with the private cryptographic key for it, opening users to the …
9271 crucial vulnerabilities found in 185 firmware images of embedded devices
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices – …
Cyber crooks actively hijacking servers with unpatched vBulletin installations
Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are actively searching for servers …