Tag: Vulnerabilities
You are here: Home \ Vulnerabilities \ Page 117
Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla Foundation’s plug-in vetting process for its Firefox browser. Researchers presented...
Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys. Dominik Schürmann and Lars Wolf, researchers at the Braunschweig University of Technology in Germany, discovered the vulnerability, which they’ve dubbed...
Google has patched a vulnerability being exploited in the wild to root Nexus 5 Android devices. The public exploit—a rooting application—was privately disclosed to Google on March 15 by Zimperium researchers, and a less than a month after CORE Team researchers reported that CVE-2015-1805, which was patched in 2014 in the Linux kernel, also affects...
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-’90s and still in use today. Researchers at Cisco’s security research arm, Cisco Talos, identified the vulnerability calling it as a classic heap-spray exploit. In a report disclosing the vulnerability, Talos reports a rigged LHA and LZH...
New ransomware called KimcilWare is targeting websites running the Magento ecommerce platform, used by the likes of Vizio, Olympus and Nike. According to security experts from the MalwareHunterTeam, hackers exploit vulnerabilities in the Magento ecommerce platform and install the KimcilWare ransomware on the webserver. Once installed, attackers use Rijndael block ciphers to encrypt website files and demanding...
The Department of Defense announced today that registration for its Hack the Pentagon bug bounty trial program is open, and that the program will be run on the HackerOne platform. The trial of the government’s first bug bounty program will run April 18 to May 12. The DoD said only certain public-facing websites will be...
Apple’s Developer Enterprise Program has been abused in the recent past to push malicious apps onto iOS devices, most notably with the WireLurker, XcodeGhost and YiSpecter attacks. In all three cases, attackers legitimately obtained certificates under the program, which is available to enterprises wishing to develop and internally distribute mobile apps for their workforces without...
Wall Street-savvy hackers are behind a data breach that involves a who’s-who of New York City legal firms. Federal investigators are looking into the breach that included Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, both high-profile New York-based law firms. Cravath Swaine & Moore said told Threatpost its computer networks were infiltrated...
More than 1,400 vulnerabilities exist in a widely used drug cabinet system, according to an advisory issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on Tuesday. The problems exist in Pyxis SupplyStation, an automated medical supply cabinet manufactured by CareFusion. The systems, common in nursing setups in facilities across the healthcare sector,...
Portions of the hospital chain MedStar Health remain offline Wednesday as a result of a major malware attack that occurred Monday and crippled the hospital’s computer systems and forced one of the largest healthcare providers in Maryland and Washington, D.C. to turn patients away. The healthcare provider said the attack forced it to shut down its...