VideoIt is possible to discern someone's SSH password as they type it into a terminal over the network by exploiting an interesting side-channel vulnerability in Intel's networking technology, say infosec gurus. In short, a well-positioned eavesdropper can connect to a server powered by one of Intel's vulnerable chipsets, and …

UpdatedVLC is said to be once again vulnerable to remote-code execution – meaning a booby-trapped video opened by the software could potentially crash the media player, or joyride it to run malware on the host machine. However, the developers of the open-source application, which has been downloaded literally billions of times and …

Apache HTTP Server has been given a patch to address a potentially serious elevation of privilege vulnerability. Designated CVE-2019-0211, the flaw allows a "worker" process to change its privileges when the host server resets itself, potentially allowing anyone with a local account to run commands with root clearance, …

The F-35 aircraft remains woefully unprepared against malware infections and other cyber-attacks, according to POGO – the respected non-profit watchdog Project on Government Oversight. Dubbed the most expensive weapon system in history, the beleaguered fighter jet is plagued with problems, including a lack of protection …

Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients' chests, can, in certain circumstances, be wirelessly hijacked and reprogrammed, perhaps to lethal effect. On Thursday, the US government's Dept of Homeland Security issued an …

A developer specializing in mobile apps for US conservatives is under fire for threatening to call the Feds on someone who reported security shortcomings in its software. On Tuesday, a French infosec bod, going under the Mr Robot-themed pseudonym Elliot Alderson and handle fs0c131y, notified 63red that it had left hard-coded …

CheckPoint infosec eggheads are today laying claim to discovering a Windows archiving security flaw that appears to have been lingering since 2005, if not earlier. The programming cockup can be potentially exploited when a user accidentally opens a malicious archive, perhaps one sent by email or downloaded from a website: …

Companies running a popular brand of industrial Ethernet switch are being advised to update their firmware ASAP following a series of bug disclosures. Security house Positive Technologies took credit today for the discovery of six CVE-listed security vulnerabilities in the Phoenix Contact FL Switch 3xxx, 4xxx, and 48xx …

VidThe bloke who found a password-spaffing bug in macOS says he won't divulge details on the flaw to Apple until the tech titan agrees to properly compensate vulnerability researchers. Germany-based freelance bug-hunter Linus Henze says the security weakness can be exploited by malware and other dodgy apps running on a Mac to …

UpdatedDating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission. The phone application, installed more than 110,000 times on Android devices and also available for iOS, lets primarily gay and bi …

Cisco's irregular patch cycle has come round again and this time the focus is on the company's SD-WAN product. As well as high-rated bugs in Webex, small business routers and various security products, Switchzilla has disclosed one critical bug in its SD-WAN, and another four vulnerabilities rated high. That critical rating …

While admins were busy wrangling with the mass of security patches from Microsoft, Adobe, and SAP last week, Intel slipped out a fix for a potentially serious flaw in its Software Guard Extensions (SGX) technology. Chipzilla's January 8 update addresses CVE-2018-18098, an issue Intel describes as an "improper file verification …

Juniper Networks has had its first big bug day in months, with 19 patches announced covering everything from third-party package catchups to critical errors in password handling. For the sake of organisation, let's pick up patches in the Junos OS first (there being so many patches, The Register will focus on those rated "High …

A bloke has told how he discovered a bug in Valve's Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – …

Cisco this week patched critical vulnerabilities in its switches, Stealthwatch, and Unity voice messaging system. Oh, and 'fessed up that it accidentally shipped software that included in-house-developed exploit code for attacking Linux systems via the Dirty COW flaw. The networking giant also announced it has begun combing …

The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework. A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5. …

America's trade watchdog's case against network device maker D-Link will go ahead next January – after a district judge rebuked the two sides for wasting money drawing up and filing demands for summary judgments. The US Federal Trade Commission (FTC) brought its lawsuit against Taiwanese D-Link early last year in California, …

UpdatedA security researcher says an undocumented API in the Google Home Hub assistant can be exploited to kick the gizmo off its own wireless network. Flaw finder Jerry Gamblin says the API allows the device to receive commands from systems and handhelds sharing its local wireless network that can, among other things, reboot the …