vulnerability
Intentional backdoors in iOS devices uncovered
A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive …
Unpatched OpenSSL holes found on Siemens ICSs
A number of Siemens industrial products have been found sporting four vulnerabilities in their OpenSSL implementation, which could lead to man-in-the-middle (MitM) attacks or …
vBulletin releases patches for critical SQL injection flaw
The vBulletin team has issued emergency patches for the critical SQL injection vulnerability responsibly reported by the Romanian Security Team. The flaw affects vBulletin …
Active Directory flaw impacts 95% of Fortune 1000 companies
Aorato identified a new threatening flaw within Active Directory that enables attackers to change a victim’s password, despite current security and identity theft …
Critical vulnerabilities in web-based password managers found
A group of researchers from University of California, Berkeley, have analyzed five popular web-based password managers and have discovered – and then responsibly …
Light Patch Tuesday fixes six issues, two critical
Microsoft has released the patches and it is a relatively light month. Six issues in total, 2 Critical, 3 Important, 1 Moderate. OS administration teams will be busy, …
DPAPI vulnerability allows intruders to decrypt personal data
Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The …
Security weakness found in WiFi enabled LED light bulb
Researchers at Context Information Security have been able to expose a security weakness in a WiFi enabled, energy efficient LED light bulb that can be controlled from a …
“Secure” UK hotel booking site leaking customer data
An infosec consultant looking to book a hotel via HotelHippo.com, owned by HotelStayUK, has ultimately discovered that the website is definitely not to be trusted with private …
Bug in WordPress plugin allows unauthorized file upload
WordPress users who also use the MailPoet plugin are urged to update it as soon as possible, as all versions but the latest one are plagued with a critical flaw that could …
Facebook SDK flaw allows unauthorized access to Facebook accounts
MetaIntell has uncovered a significant security vulnerability in the Facebook SDK (V3.15.0) for both iOS and Android. Dubbed Social Login Session Hijacking, when exploited …
PayPal 2FA flaw partially mitigated, accounts are safe
In the wake of the revelation of a flaw that allows attackers to bypass PayPal’s two-factor authentication feature, the e-payment giant has made it temporarily …