Articles about bugs

Twitter: Don't panic, but we may have leaked your DMs to rando devs

Twitter is in full damage control mode after disclosing that it may have inappropriately exposed some unlucky twits' private tweets and direct messages to strangers. The 280-character shoutfest admitted on Friday that a bug present in one of its APIs from May 2017 to September 10, 2018, could have caused some messages to leak …
Shaun Nichols, 21 Sep 2018

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet. Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass …
Shaun Nichols, 18 Sep 2018

Cisco loses focus over TelePresence blurry videoconferencing bug

Have you noticed that your big expensive Cisco TelePresence unit seems like it needs a pair of glasses? You're not alone. Switchzilla is advising companies using two of the older models of its video conferencing system to install a software update to address a defect in the camera that leaves users with a blurry picture. cisco …
Shaun Nichols, 12 Sep 2018

Bug bounty alert: Musk lets pro hackers torpedo Tesla firmware risk free

Tesla will allow vetted security researchers to hunt for vulnerabilities in its vehicle firmware risk free – as long as it is done under its now-tweaked bug bounty program. The luxury electric automaker said this week it will reflash the firmware on cars that have been bricked by infosec bods probing for exploitable bugs in …
Shaun Nichols, 6 Sep 2018

Well, can't get hacked if your PC doesn't work... McAfee yanks BSoDing Endpoint Security patch

McAfee has pulled a version of its Endpoint Security software after folks reported the antivirus software was crashing their Windows machines. The security giant said it has taken down the August update for Endpoint Security 10.5.4, and is advising anyone who has downloaded it, but not installed, to hold off installing it. " …
Shaun Nichols, 24 Aug 2018

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
Shaun Nichols, 7 Aug 2018

Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Miscreants and researchers are using automation to help them find exploitable flaws in your code. Some boffins at New York University in the US have a solution to this, and it's a new take on "security through obscurity". Here it is: add more bugs to your software to throw the automatic scanners off the scent of really scary …

Ever seen printer malware in action? Install this HP Ink patch – or you may find out

HP Inc has posted an update to address a pair of serious security vulnerabilities in its InkJet printers. The firmware update patches CVE-2018-5924 and CVE-2018-5925, two flaws that can be exploited by printing a file that triggers a stack or static buffer overflow, giving you the ability to then execute malicious code on the …
Shaun Nichols, 3 Aug 2018

Whisk-y business: How Apache OpenWhisk hole left IBM Cloud Functions at risk of hijacking

IBM has patched a critical vulnerability in its Cloud Functions platform that would have allowed miscreants to remotely overwrite customers' code – and execute malicious commands to hijack services. The flaws, designated CVE-2018-11756 and CVE-2018-11757, are actually present in Apache OpenWhisk, a component Big Blue uses to …
Shaun Nichols, 24 Jul 2018

Sophos SafeGuard anything but – thanks to 7 serious security bugs

Companies running Sophos security clients will want to update their software following the disclosure of seven privilege escalation flaws in the security suite. Sophos says its SafeGuard Enterprise Client, LAN Crypt client and Easy software on Windows are all vulnerable to the bugs, which can be exploited by an attacker to run …
Shaun Nichols, 26 Jun 2018

Silk road adviser caught, Kaspersky sues Dutch paper, and Vietnam's tech clampdown

Roundup: This week included a big Patch Tuesday bundle, a fresh fine for Yahoo!, and yet another Intel bug that potentially exposes sensitive kernel information. Here are a few of the other security stories that broke this week. Kaspersky hungry for some Dutch crunch Eugene Kaspersky says he's sick of bad news coverage, and he's …
Shaun Nichols, 16 Jun 2018

Loose .zips sink chips: How poisoned archives can hack your computer

Video: Booby-trapped archive files can exploit vulnerabilities in a swath of software to overwrite documents and data elsewhere on a computer's file system – and potentially execute malicious code. Specifically, the flaws, dubbed "Zip Slip" by its discoverers at security outfit Snyk, are path traversals that can potentially be …
Shaun Nichols, 5 Jun 2018

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

Updated: Canonical has halted downloads of Ubuntu Linux 17.10, aka Artful Aardvark, from its website after punters complained installing the open-source OS on laptops knackered the machines. Specifically, the desktop flavor of Artful Aardvark, released in October, has been temporarily pulled – the server builds and other editions …

Apple sprays down bug-ridden iOS 11 with more fixes

Apple has posted an update to address a host of bugs in its iOS mobile software. The iOS 11.2 update patches both security and stability bugs in the iPad/iPhone firmware. It will also improve the wireless charging for new iPhones and add a payments feature to Siri and Messages, Apple promises. The bugs addressed in iOS 11.2 …
Shaun Nichols, 4 Dec 2017

Pro tip: You can log into macOS High Sierra as root with no password

Updated: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug can be triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff …
Shaun Nichols, 28 Nov 2017

Open source nameserver used by millions needs patching

Open source DNS software vendor PowerDNS has advised users to patch its "Authoritative" and "Recursor" products, to squish five bugs disclosed today. None of the bugs pose a risk that PowerDNS might itself be compromised, but this is the DNS: what an attacker can do is fool around with DNS records in various ways. That can be …

Mi casa es su casa: Ubuntu bug makes 'guests' anything but

Recent versions of the Ubuntu Linux distro fail to limit system access for guest accounts. This according to developer Tyler Hicks, who reported a bug that allows guest users to roam free of the confines expected to be placed on system access for guests. Ideally, guest users should be restricted to a small temporary …
Shaun Nichols, 19 May 2017

Today's bonkers bug report: Microsoft Edge can't print numbers

Microsoft's Edge browser is the subject of an amusing new bug report, alleging it somehow manages to screw up printing strings of numbers. The report on Microsoft's developer portal describes the issue where PDF files printed through Edge will display numbers and text incorrectly when exported. "Edge displays PDF correctly …
Shaun Nichols, 5 May 2017

Biting the hand that feeds IT © 1998–2018