Articles about flaw

If your websites use WordPress, put down that coffee and upgrade to 4.8.3. Thank us later

Updated WordPress has a security patch out for a programming blunder that you should apply ASAP. The fix addresses a flaw that can be potentially exploited by hackers to hijack and take over WordPress-powered websites, by injecting malicious SQL database commands. The core installation of WordPress is not directly affected, we're …
Iain Thomson, 31 Oct 2017

Patch your WordPress plugins: Scum are right now hijacking blogs

The plugin gurus at WordFence have this week found three critical security holes in third-party WordPress extensions that are being actively exploited by hackers to take over websites. The team was investigating a number of hacking attacks that looked unusual and back-traced the intrusions to a PHP object injection …
Iain Thomson, 3 Oct 2017

Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass

A teenager in Uruguay has scored big after finding and reporting a bug in Google's App Engine to view confidential internal Google documents. While bored in July, high schooler Ezequiel Pereira, who has all the makings of a competent security researcher, used Burp to manipulate the Host header in web connections to Google's …
Iain Thomson, 10 Aug 2017

Forget sexy zero-days. Siemens medical scanners can be pwned by two-year-old-days

Hackers can exploit trivial flaws in network-connected Siemens' medical scanners to run arbitrary malicious code on the equipment. These remotely accessible vulnerabilities lurk in all of Siemens' positron emission tomography and computed tomography (PET-CT) scanners running Microsoft Windows 7. These are the molecular imaging …
Iain Thomson, 4 Aug 2017

Fatal flaw found in PricewaterhouseCoopers SAP security software

A security tool built for SAP systems by PricewaterhouseCoopers has turned out to have worrying security holes of its own. German security research firm ESNC has been analyzing the Automated Controls Evaluator (ACE), which extracts relevant security and configuration data from an SAP system, analyzes it, and generates …
Iain Thomson, 9 Dec 2016

ABBA-solutely crapulous! Swedish router-maker won't patch gaping hole

European customer-premises equipment (CPE) kit-maker Inteno has said it isn't going to patch a hole that has been sitting in some of its routers for the last nine months, saying it's not the firm's problem. That's bad news if a European carrier, Inteno's key customers, dropped one of the problematic devices into your home. …
Iain Thomson, 2 Sep 2016

Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc

Analysis A flaw in the Linux kernel lets hackers inject malware into downloads and webpages, smash Tor connections, launch denial-of-service attacks, and more. This is a troubling security headache because Linux is used widely across the internet, from web servers to Android smartphones, tablets and smart TVs. The TCP/IP networking …
Iain Thomson, 10 Aug 2016

Yay! It's International Patch Your Scary OpenSSL Bugs Day!

Six security patches – two of them high severity – have been released today for OpenSSL 1.0.1 and 1.0.2. Last week, the open-source crypto-library project warned that a bunch of fixes were incoming, and true enough, Tuesday’s updates address serious flaws that should be installed as soon as possible. CVE-2016-2108 is a …
Iain Thomson, 3 May 2016

Trend Micro AV gave any website command-line access to Windows PCs

Updated PCs running Trend Micro's Windows antivirus can be hijacked, infected with malware, or wiped clean by any website, thanks to a vulnerability in the security software. The design blunders in the consumer build of Trend's AV were discovered by Google Project Zero bod Tavis Ormandy. A patch is now available to address the remote- …
Iain Thomson, 11 Jan 2016

Researcher claims Facebook tried to gag him over critical flaw

A security researcher who found a critical flaw in Instagram is claiming that Facebook's chief security officer Alex Stamos tried to get him fired over the discovery. Earlier this year Wes Wineberg, a contractor with enterprise security intelligence firm Synack, received a tip on IRC about an Instagram server with an open …
Iain Thomson, 18 Dec 2015

Mold whine: Soylent superfood shipments stopped by spore scare

Soylent, which produces liquid food for techies who hate chewing, has stopped shipping its gloop after some of it was contaminated with mold. The firm started flogging version 2.0 of its formula in August, and has produced 400,000 bottles of the strange substance. It has since learned that 11 of the bottles had mold inside or …
Iain Thomson, 3 Oct 2015

Got an Android phone? SMASH IT with a hammer – and do it NOW

Android smartphones can be secretly infected by malware smuggled in via video text messages, allowing criminals to sneak inside as many as 950 million devices. You just need to know a victim's cellphone number to silently inject malicious software in their vulnerable gizmo. Once infected, your mobe's camera and mic can be used …
Iain Thomson, 27 Jul 2015

BT fixes home hub drop-out glitch ONE YEAR after denying flaw existed

BT has finally fixed a snag in its Home Hub 5 more than 12 months since customers began complaining about mystery disconnections that were hampering the wireless router. When The Register reported on the technical cockup in February 2014, BT was quick to dismiss the gripes by telling us it was "not aware of any issues" with …
Kelly Fiveash, 24 Feb 2015

Another day, yet another emergency Adobe Flash patch. Because that's how we live now

The new year hasn't been a pleasant one for Adobe: the Silicon Valley firm has scrambled to close yet more serious security holes in its Flash player. Last week the Photoshop biz rushed out a patch for a critical flaw in Flash that miscreants were exploiting in the wild to hijack victims' computers. Today, a new update has …
Iain Thomson, 27 Jan 2015

Tails-hacking Exodus: Here's video proof of our code-injection attack

Exodus Intelligence has revealed what it claims is video evidence of researchers unmasking an anonymous user of the Tails operating system. The security bods claim they can upload malicious code to a system running Tails, execute the payload remotely, and ultimately discover the victim's public IP address. Tails is a fork of …
Iain Thomson, 23 Jul 2014

NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS

Updated The tech world is aflutter over the Heartbleed encryption flaw in OpenSSL, but it seems that the bug was no surprise to the analysts of the NSA, since they have reportedly been using it for two years to spy on data traffic. Two sources familiar with the matter told Bloomberg that NSA staff picked up on the fatal flaw shortly …
Iain Thomson, 11 Apr 2014

DARPA slaps $2m on the bar for the ULTIMATE security bug SLAYER

It's a bad day for the vulnerability scanning industry: DARPA has announced a new multi-million-dollar competition to build a system that will be able to automatically analyze code, find its weak spots, and patch them against attack. Mike Walker, DARPA program manager, said that the challenge was to start a "revolution for …
Iain Thomson, 22 Oct 2013

PayPal fixes critical account switcheroo bug after researcher tipoff

PayPal has fixed a critical flaw that allowed an attacker to delete any account at will and replace it with one of their own. In April, security researcher Ionut Cernica discovered that US PayPal account holders could add an email address to someone else's account by visiting a PayPal webpage. This then allowed the account to …
Iain Thomson, 23 Aug 2013

Biting the hand that feeds IT © 1998–2017