Articles about vulnerability

SecurEnvoy SecurMail, you say? Only after this patch is applied, though

Recently resolved vulnerabilities in SecurEnvoy's encrypted email transfer SecurMail created a way for encrypted emails in users' inboxes to be read, overwritten and deleted by others. The flaws – uncovered by Austrian security firm SEC Consult during a crash test – included cross-site scripting, cross-site request forgery, …
John Leyden, 13 Mar 2018

China ALTERED its public vuln database to conceal spy agency tinkering – research

China has altered public vulnerability data to conceal the influence of its spy agency in the country's national information security bug reporting process. The damning finding from threat intel firm Recorded Future follows months of research examining the publication speed for China’s National Vulnerability Database (CNNVD …
John Leyden, 12 Mar 2018

Sigh. Cisco security kit has Java deserialisation bug and a default password SNAFU

Cisco's security developers have served up a parcel of patches. First up, there's a gem in Switchzilla's Secure Access Control System. The ACS (which ceased sale in August 2017) is a hardware-based login gatekeeper, and it's got a remotely-pwnable Java deserialisation bug. Cisco's notice for CVE-2018-0147 says an attacker …

Buffer overflow in Unix mailer Exim imperils 400,000 email servers

Researchers have uncovered a critical buffer overflow vulnerability in all versions of the Exim mail transfer agent. The flaw (CVE-2018-6789) leaves an estimated 400,000 email servers at potential risk to remote code execution-style attacks. Fortunately a patched version (Exim version 4.90.1) is already available. The bug …
John Leyden, 7 Mar 2018

Miner vs miner: Attack script seeks out and destroys competing currency crafters

Cryptocurrency-mining malware-scum have started to write code that evicts rivals from compromised computers. The miner in question was first noticed by SANS Internet Storm Center handler Xavier Mertens. Mertens spotted the PowerShell script on March 4, and noting that it kills any other CPU-greedy processes it spots on target …

Spring break! Critical vuln in Pivotal framework's Data parts plugged

Pivotal Labs' Spring Data REST project has a serious security hole that needs patching. Pivotal's Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These …
John Leyden, 5 Mar 2018

4G LTE pried open to reveal a slew of new protocol-level attacks

A group of American university researchers have broken key 4G LTE protocols to generate fake messages, snoop on users, and forge user location data. Those working on the coming 5G protocols should take note: the vulnerabilities are most worrying because they're written into the LTE protocols, and could therefore have an …

Cisco NFV controller is a bit too elastic: It has an empty password bug

Cisco's Elastic Services Controller's release 3.0.0 software has a critical vulnerability: it accepts an empty admin password. The Controller (ESC) is Cisco's automation environment for network function virtualisation (NFV), providing VM and service monitors, automated recovery and dynamic scaling. Cisco's advisory about the …

Until last week, you could pwn KDE Linux desktop with a USB stick

A recently resolved flaw in the KDE Linux desktop environment meant that files held on a USB stick could be executed as soon as they were plugged into a vulnerable device. The security howler created a means to execute arbitrary code on KDE by simply naming a pendrive VFAT volume $() or similar, as explained in this advisory ( …
John Leyden, 12 Feb 2018

Another week, another Cisco-security-kit-needs-a-patch story

Cisco's again asked owners of Adaptive Security Appliances or Firepower Threat Defense Software to patch, after it turned up a new DDOS problem that last patches didn't address. Owners of such kit were in patch-fast mode last week after Switchzilla revealed a “crafted XML attack” that exposed webvpn's interface to the 'net, …

Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em

Hackers* have improved the reliability and potency of Server Message Block (SMB) exploits used to carry out the hard-hitting NotPetya ransomware attack last year. EternalBlue, EternalSynergy, EternalRomance and EternalChampion formed part of the arsenal of NSA-developed hacking tools that were leaked by the Shadow Brokers …
John Leyden, 31 Jan 2018

Oracle point-of-sale system vulnerabilities get Big Red cross

A vulnerability has been unearthed in Oracle MICROS point-of-sale (POS) terminals that allowed hackers to read sensitive data from devices. The flaw (CVE-2018-2636) was fixed in Oracle's January 2018 patch batch, allowing business app security firm ERPScan to go public with its findings. Left unresolved, the bug would enable …
John Leyden, 31 Jan 2018

Unsanitary Firefox gets fix for critical HTML-handling hijack flaw

Mozilla has patched a nasty security bug in Firefox, affecting versions 56, 57 and 58, and their point updates. The CVSS-8.8-rated flaw means that if an attacker can get a user to open a malicious document or link, remote code execution becomes a possibility – allowing spyware, ransomware and other nasties to be installed and …

Ugly, perfect ten-rated bug hits Cisco VPNs

A programming slip in Cisco VPN software has introduced a critical vulnerability hitting ten different Adaptive Security Appliance and Firepower Threat Defense Software products. The bug scores a perfect ten CVSS rating, and is present in the products' SSL VPN functionality. That's bad news because if you've deployed the VPN …

libcurl has had auth leak bug since 'the first commit we recorded'

If you use libcurl, the command line tool and library for transferring data with URLs, get ready to patch. The tool has a pair of problems, one of which is an authentication leak. This advisory says the library can leak authentication data to third parties because of how it handles custom headers in HTTP requests. “When asked …

SHL just got real-mode: US lawmakers demand answers on Meltdown, Spectre handling from Intel, Microsoft and pals

Four Republican members of the US House of Representatives sent letters on Wednesday to the leaders of Amazon, AMD, Apple, ARM, Google, Intel and Microsoft seeking answers about how the embargo on the Meltdown and Spectre bugs was handled. The secrecy agreement, put in place by these same companies, demanded silence from June …
Thomas Claburn, 25 Jan 2018

Fresh botnet recruiting routers with weak credentials

Security researchers believe the author of the Satori botnet is at it again, this time attacking routers to craft a botnet dubbed "Masuta". The early-January Satori botnet attacked a Huawei router zero-day. Masuta also hits routers. According to NewSky's analysis, the attack comes in two flavours. There's Masuta, which takes …

Skype, Slack, other apps inherit Electron vuln

Updated If you've built a Windows application on Electron, check to see if it's subject to a just-announced remote code execution vulnerability. Electron is a node.js and Chromium framework that lets developers use Web technologies (JavaScript, HTML and CSS) to build desktop apps. It's widely-used: Skype, Slack, Signal, a Basecamp …

Biting the hand that feeds IT © 1998–2018