Top 10 Stories

A Flickr plugin contains a reflected XSS vulnerability which would allow an unauthenticated attacker to do almost anything an admin user can do. For this to happen, the administrator would have to be tricked into clicking on a link controlled by the attacker. It is easy to make these links very convincing.

Picking a programming language to learn can be a stressful task. The trendy language at any given time isn’t necessarily one that anyone will care about in a year, much less the one that’ll get you the best gigs. It’s interesting, then, to see what language programmers turn to when they’ve got their pick of the litter — when they’re coding not with some bosses’ wishes in mind, but when they’re just cracking away at...

If you can't reach a chum in the UK, chances are they've fallen victim to a substantial outage that's hit BT's voice and broadband services. Or a Total Inability To Support Usual Performance (TITSUP) incident. The carrier appears to be suffering from two issues, the first reported to us by Reg readers Colin and Neil who've complained of very slow downloads, difficulties accessing the Web, dropped packets galore and traceroutes that don't make it past...

It’s like something from a bad movie: eager to learn the details of the bad guy’s dastardly plot, the good guys hack his phone armed with little more than knowledge of his phone number. No physical access to the phone, no tricking him into opening some shady application; just a quick message sent to his phone, and bam — they’re in. Alas, that’s essentially how a new Android hack works, according to researchers… and the vast majority...

With the supposedly polished release of Windows 10 coming in two days, Microsoft should be putting its finishing touches on the operating system. Instead, it’s scrambling to fix a bug in its latest update, sent out through its Windows Insider Program last Saturday. According to CNET, the latest test version of the Windows software, build KB3074681, triggered unexpected behavior when some people attempted to uninstall programs through Control Panel instead of using the newer Settings...

A critical bug in the optimizer in the just-released .NET 4.6 runtime could break and crash production applications, we're warned. "The methods you call can get different parameter values than you passed in," says Nick Craver – software developer and system administrator for Stack Exchange, home of the popular programming support site Stack Overflow – in a post today. The bug was hard to spot because it only occurs when optimizations are enabled. This means...

Basware Banking/Maksuliikenne, a cash/bank account management software package for enterprises from software vendor Basware, has multiple critical vulnerabilities, which are described in a report. These vulnerabilities were first observed and reported to Basware by security researcher and author of this report, Samuel Lavitt, in August 2012. These vulnerabilities, and exploits to unlawfully gain economically from them in an undetectable manner, were demonstrated by the author to Basware and CERT-FI (part of the National Cyber Security...

The Xen Project has reported another guest/host escape bug, its third for the year including the VENOM vuln and the XSA-135 SNAFU. The new vuln glories in the name XSA-138, aka CVE-2015-5154 and means “An HVM guest which has access to an emulated IDE CDROM device (e.g. with a device with "devtype=cdrom", or the "cdrom" convenience alias, in the VBD configuration) can exploit this vulnerability to take over the qemu process elevating its privilege to...

In modern houses, it doesn’t take a poltergeist to turn lights on and off, unlock doors or send a shiver down occupiers’ spines anymore. Hackers have numerous avenues into people’s properties thanks to growing numbers of connected machines managing residential environments. Today, a slew of vulnerabilities in so-called “home automation” technologies, which provide an easy way to access all connected machines in a house from the web or a smartphone app, were revealed. They would...

Oracle has warned that the analytics features of its ZFS storage appliances can result in “unresponsive” systems. The post linked to above opens with Oracle staffer Matt Barnson stating “I've received a number of questions about analytics and the problems they cause for the Oracle ZFS Storage Appliance.” There's nothing wrong with Oracle's analytics – Barnson reckons they're a great reason to consider a ZFS appliance – but it appears owners of the appliances may...
