Thursday, 27 July 2017
Tag Archives: Flaw

WordPress plugin with 10,000+ installations being exploited in the wild

A growing number of WordPress websites have been infected by attackers exploiting a vulnerability that remains unpatched in a widely used plugin called WP Mobile Detector, security researchers warned. The attacks have been under way since last Friday and are mainly being used to install porn-related spamming scripts, according to a blog post published Thursday. The underlying vulnerability in WP ...

Samsung Smart Home flaws let hackers make keys to front door

Computer scientists have discovered vulnerabilities in the Samsung Smart Home automation system that allowed them to carry out a host of remote attacks, including digitally picking connected door locks from anywhere in the world. The attack, one of several proof-of-concept exploits devised by researchers from the University of Michigan, worked against Samsung’s SmartThings, one of the leading Internet of Things ...

Nuix: Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”

Chris Pogue of Nuix has penned a whitepaper that argues that the security industry has been “fighting the wrong battle” using the wrong tools for 20 years. He cites the human vulnerability as the factor behind this assertion. “In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it ...

SQL injection vuln found at Panama Papers firm Mossack Fonseca

Grey hat security researchers have discovered new flaws in the systems of Panama leak firm Mossack Fonseca. A self-styled “underground researcher” claims to have found a SQL injection flaw on one of the corporate systems of the Panamanian lawyers. “They updated the new payment CMS, but forgot to lock the directory /onion/,” he said via the “1x0123” Twitter profile. Mossack Fonseca specialises ...

Flaw in CISCO FirePower Firewall allows malware to evade detection

Cisco is releasing security updates to fix a critical vulnerability (CVE-2016-1345) that affects one of its newest products, the FirePower firewall. The flaw was discovered by security researchers at Check Point Security. According to the security advisory published by Cisco, an attacker can remotely exploit the flaw to allow malware to bypass detection measures implemented by the FirePower firewall. “A vulnerability ...

Microsoft account-hijacking hole closed 48 hours after bug report

British researcher Jack Whitton has reported a Microsoft account hijacking authentication bug that would have been another arrow in an attacker’s phishing quiver, save for the fact that Microsoft fixed it. Whitton quietly reported the flaw to Microsoft, which pounced and took only two days to process and patch the flaw. The flaw meant attackers would have been able to ...

Leaf it out mate! Nissan car hijacked by security researcher

Troy Hunt has uncovered a flaw within the Nissan Leaf’s companion app that allows hackers to see data about recent journeys and meddle with other aspects of the vehicle such as climate control and battery life. All they need is the vehicle identity number (VIN). Mr. Hunt gave Nissan one month to fix the flaw prior to his unmasking of them ...

Shopping online at ASDA could put your credit card details at risk

British shoppers might want to check out the following YouTube video by security consultant Paul Moore, especially if they buy their groceries online from ASDA. Moore says that he notified ASDA of various serious security flaws on its website in March 2014, and was promised a fix “in the next few weeks”. However, Moore says that after waiting 677 days ...

Google hacker criticized TrendMicro for critical flaws

Tavis Ormandy, a researcher with Google’s Project Zero vulnerability research team, publicly disclosed critical vulnerabilities in TrendMicro Antivirus that could be exploited to execute malicious code on the targeted system. Ormandy took only about 30 seconds to find the first code-execution vulnerability affecting the TrendMicro antivirus program. An attacker could exploit the security flaws to access contents of a password manager built ...

Simple yet effective eBay bug allows hackers to steal passwords

A simple, yet effective flaw discovered on eBay’s website exposed hundreds of millions of its customers to an advanced phishing attack. An independent security researcher reported a critical vulnerability to eBay last month that had the capability to allow hackers to host a fake login page, i.e. a phishing page, on the eBay website in an effort to steal users’ passwords and ...