Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network.

Adobe only fixed six vulnerabilities in two products, making it the company’s smallest security bulletin of the year.

A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code. Researcher Dawid Golunski of Legal Hackers privately disclosed the vulnerability, which was patched Aug. 5 in versions 3.8.9 (and 3.8.10 beta), 4.2.3 (and 4.2.4 beta), and 5.2.3 of...

URL shorteners are convenient, but for a long time gave security practitioners anxiety because it was difficult to determine where the shortened address was taking you. Two researchers have now given you new reasons to fear URL shorteners, especially for those storing and sharing data on cloud-based services. Independent researcher Martin Georgiev and Cornell University...