Thursday, 27 July 2017

Tag Archives: Vulnerability

Flaw in Virgin Media Super Hub leaves it open to attack

Researchers from Context Information Security have discovered a flaw in Virgin Media wireless home routers, allowing them to gain unauthorised administrative-level access to the devices. After reverse engineering software from the Super Hub 2 and Super Hub 2AC, manufactured by Netgear, Context’s Jan Mitchell and Andy Monaghan discovered vulnerabilities in a feature allowing users to create backups of their custom ... Read More »

In-app security will play a key role in thwarting Cloak & Dagger vulnerability, says Promon

The recent discovery of the Cloak & Dagger attack vector, which can steal personal information by mimicking the activities of apps, is indicative of the new level of sophistication that Android-targeted malware has reached. To increase the chances of defeating attacks of this nature, in-app security needs to move to the top of the agenda for any app-focused business. This ... Read More »

Apple Patches Tens of Vulnerabilities in iOS, OS X

OS X El Capitan 10.11.6 fixes a total of 60 security bugs affecting components such as audio, CFNetwork, CoreGraphics, FaceTime, graphics drivers, ImageIO, the kernel, the login window, OpenSSL, QuickTime, sandbox profiles, and the libxml2 and libxslt libraries. The CFNetwork vulnerability, tracked as CVE-2016-4645, was reported to Apple by Abhinav Bansal of Zscaler. The security firm published a blog post ... Read More »

US gov vulnerability disclosure requires oversight, says new report

The US government should overhaul its policies on vulnerability disclosure, according to a new report. Authored by Ari Schwartz and Rob Knake, the paper seeks to find a middle ground between those who say that the government has the right to collect and exploit vulnerabilities and those, like Bruce Schneier, who say it does not. It takes specific aim at ... Read More »

CVE-2016-4171 – Another Flash Zero-Day exploited in targeted attacks

Once again, Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products, announcing that the fix for a critical Flash Player zero-day vulnerability (CVE-2016-4171) exploited in targeted attacks will only be issued later this week. A security fix for the vulnerability is expected to become available starting from June 16. The ... Read More »

WordPress plugin with 10,000+ installations being exploited in the wild

A growing number of WordPress websites have been infected by attackers exploiting a vulnerability that remains unpatched in a widely used plugin called WP Mobile Detector, security researchers warned. The attacks have been under way since last Friday and are mainly being used to install porn-related spamming scripts, according to a blog post published Thursday. The underlying vulnerability in WP ... Read More »

Five most common myths about Web security

Ilia Kolochenko, High-Tech Bridge

Running behind trendy APTs, we tend to forget about the common-sense approach and holistic risk assessment. Almost 3 terabytes of data stolen in the Panama Gate scandal will shortly become searchable online. Mossack Fonseca, the breached legal firm behind one of the largest data leaks in history, had numerous high-risk vulnerabilities in its front-end web applications, including its Client Information Portal. Actually, few ... Read More »

Uh-oh! Critical vulnerability in Symantec’s core scan engine – industry reaction

Symantec’s core scan engine has a critical vulnerability which lets attackers remotely execute code on a victim’s machine just by sending them an email or a link. The victim doesn’t even need to open it. It just has to be scanned by the AV program. The scan engine uses a filter driver to intercept I/O operations at the kernel level. In its advisory, Symantec acknowledged the ... Read More »

Nuix: Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”

Chris Pogue of Nuix has penned a whitepaper that argues that the security industry has been “fighting the wrong battle” using the wrong tools for 20 years. He cites the human vulnerability as the factor behind this assertion. “In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it ... Read More »

SQL injection vuln found at Panama Papers firm Mossack Fonseca

Grey hat security researchers have discovered new flaws in the systems of Panama leak firm Mossack Fonseca. A self-styled “underground researcher” claims to have found a SQL injection flaw on one of the corporate systems of the Panamanian lawyers. “They updated the new payment CMS, but forgot to lock the directory /onion/,” he said via the “1x0123” Twitter profile. Mossack Fonseca specialises ... Read More »