Tag: Vulnerability
Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts.
Single sign-on company OneLogin began notifying customers this week that an attacker was able to take advantage of a bug in its system and view sensitive notes posted by users, thought to be secure. The company, whose authentication technology secures cloud-based applications, confirmed the incident Tuesday in a blog post. The compromised feature, Secure Notes, enables...
Mike Mimoso and Chris Brook discuss the news of the week, including the Shadow Brokers debacle, the VeraCrypt audit, Pokemon ransomware, and a browser address bar vulnerability. Download: Threatpost_News_Wrap_August_19_2016.mp3 Music by Chris Gonsalves
Facebook has patched a vulnerability in the desktop and mobile versions of its Messenger app that allows an attacker to access and modify chats, exposing the victim to potential fraud and malware. Researchers at Check Point Software Technologies privately disclosed the issue May 2 to Facebook, which patched it two weeks later. The flaw, Check...
More than a quarter million homes protected by SimpliSafe wireless security systems are vulnerable to hackers who can deactivate the alarm anytime, according to IOActive, a Seattle-based security consulting firm. IOActive published a proof of concept report on Wednesday that outlines how it disarmed SimpliSafe’s wireless home security systems. The hack, according to IOActive researcher Andrew Zonenberg,...
A Java serialization vulnerability disclosed more than a year ago figured to have a long shelf life. It lived in popular Java application development frameworks such as Apache Commons Collections—where it’s been patched—not to mention widely deployed application servers such as Oracle WebLogic, IBM WebSphere, Red Hat’s JBoss and others. PayPal this week put...
3 November 2015 - 11:27, in News
A controversial hacking company recently ran a competition offering $3m for up to three click-to-own exploits against Apple’s iOS. The exploits would be sold on to “eligible customers” only. The competition is now closed, but one exploit apparently met the grade and will earn $1,000,000. We investigate: what “click-to-own” means, why exploits of this sort...
2 November 2015 - 15:37, in News
An extremely serious vulnerability lay undiscovered at the heart of much of The Cloud for seven years. The vulnerability (CVE-2015-7835), which affects the Xen hypervisor software used by Cloud hosting companies like Amazon Web Services, is so serious that it was widely patched under embargo before being disclosed on 29 October 2015. It was discovered by 栾尚聪 (好风) of Alibaba and affects Xen software from...
26 October 2015 - 21:21, in News
Last week, we wrote a handy article in our new What is… series about Virtual Private Networks. This week, we’re looking at the IoT, or Internet of Things. We decided on the Internet of Things because week 4 of Cybersecurity Awareness Month (CSAM) urged us to be #CyberAware about our Evolving Digital Lives. And those...
23 October 2015 - 10:05, in News
If you’re one of those people who waits for the first update to an update before you install it… …and you’re also an OS X or an iOS user, then your number’s just been called. In a flurry of Security Advisories published this week [2015-10-21] by Apple, the following security-oriented updates were announced: OS X...