Articles about bugs

Vulns in online shopping toolkit WooCommerce can blast a hole in your WordPress security

Updated A vulnerability in the WooCommerce online store platform, used by over four million vendors, can be exploited to hijack WordPress installations hosting the software. Researchers at RIPSTech discovered and reported the flaw directly to WooCommerce's developers, who cleaned up the bug in version 3.4.6 – so make sure you're …
Shaun Nichols, 7 Nov 2018

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box. The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 …
Shaun Nichols, 26 Oct 2018

Word up: Embedded vids in Office docs can hide embedded nasties, infosec bods warn

Updated Microsoft Word documents can potentially smuggle in malicious code using embedded web videos, it is claimed. Opening a booby-trapped file, and clicking on the vid, will trigger execution of the code. Miscreants can leverage this weakness to potentially trick marks into installing malware on their PCs. It's useful for hackers …
Shaun Nichols, 25 Oct 2018

What a crane in the ass: Bug leaves construction machinery vulnerable to evil command injection

US-CERT is advising some customers of Telecrane construction cranes to patch their control systems – following the disclosure of a security bug that could allow a nearby attacker to wirelessly hijack the equipment. The government security body this week issued an alert on CVE-2018-17935, a vulnerability in the Telecrane F25 …
Shaun Nichols, 25 Oct 2018

jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites

A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to seize control of websites – and is only now patched. Larry Cashdollar, a bug-hunter at Akamai, explained late last week how the security shortcoming, designated CVE-2018-9206, allows a …
Shaun Nichols, 22 Oct 2018

Hunt for Red Bugtober: US military's weapon systems riddled with security holes – auditors

Computer security vulnerabilities are widespread in US military hardware, and the Pentagon is only beginning to understand how to fix them. This is according to an October report [PDF] on cybersecurity practices in Uncle Sam's armed forces, drawn up by the Government Accountability Office (GAO). Leading with the subtle title " …

Apple's dark-horse macOS Mojave is out (and it's already pwned)

Apple has posted the annual full overhaul of the Mac operating system, this time focusing on a redesign of the look and feel of the interface. The 10.14 incarnation of macOS, known as Mojave, has been released into general availability. It includes new features, interface updates, and security patches – though at least one …
Shaun Nichols, 24 Sep 2018

Twitter: Don't panic, but we may have leaked your DMs to rando devs

Twitter is in full damage control mode after disclosing that it may have inappropriately exposed some unlucky twits' private tweets and direct messages to strangers. The 280-character shoutfest admitted on Friday that a bug present in one of its APIs from May 2017 to September 10, 2018, could have caused some messages to leak …
Shaun Nichols, 21 Sep 2018

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet. Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass …
Shaun Nichols, 18 Sep 2018

Cisco loses focus over TelePresence blurry videoconferencing bug

Have you noticed that your big expensive Cisco TelePresence unit seems like it needs a pair of glasses? You're not alone. Switchzilla is advising companies using two of the older models of its video conferencing system to install a software update to address a defect in the camera that leaves users with a blurry picture. …
Shaun Nichols, 12 Sep 2018

Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free

Tesla will allow vetted security researchers to hunt for vulnerabilities in its vehicle firmware risk free – as long as it is done under its now-tweaked bug bounty program. The luxury electric automaker said this week it will reflash the firmware on cars that have been bricked by infosec bods probing for exploitable bugs in …
Shaun Nichols, 6 Sep 2018

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …
Shaun Nichols, 24 Aug 2018

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
Shaun Nichols, 7 Aug 2018

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University in the US have a solution to this, and it's a new take on "security through obscurity". Here it is: add more bugs to your software to throw the automatic scanners off the scent of really scary …

Ever seen printer malware in action? Install this HP Ink patch – or you may find out

HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers. The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the …
Shaun Nichols, 3 Aug 2018

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

IBM has patched a critical vulnerability in its Cloud Functions platform that would have allowed miscreants to remotely overwrite customers' code – and execute malicious commands to hijack services. The flaws, designated CVE-2018-11756 and CVE-2018-11757, are actually present in Apache OpenWhisk, a component Big Blue uses to …
Shaun Nichols, 24 Jul 2018

Sophos SafeGuard anything but – thanks to 7 serious security bugs

Companies running Sophos security clients will want to update their software following the disclosure of seven privilege escalation flaws in the security suite. Sophos says its SafeGuard Enterprise Client, LAN Crypt client and Easy software on Windows are all vulnerable to the bugs, which can be exploited by an attacker to run …
Shaun Nichols, 26 Jun 2018

Silk road adviser caught, Kaspersky sues Dutch paper, and Vietnam's tech clampdown

Roundup This week included a big Patch Tuesday bundle, a fresh fine for Yahoo!, and yet another Intel bug that potentially exposes sensitive kernel information. Here are a few of the other security stories that broke this week. Kaspersky hungry for some Dutch crunch Eugene Kaspersky says he's sick of bad news coverage, and he's …
Shaun Nichols, 16 Jun 2018


Biting the hand that feeds IT © 1998–2018