vulnerabilities • Page 1 • Tag • The Register

Ofcom: More spectrum for all the good boys and girls. Except you, EE. You've had your fill

BT: Soz about that £1.3m CEO bonus vote, shareholders. Friends?

Still using Azure Scheduler? Schedule in 30 September 2019 'cos it's being euthanised

Good from AFA... and not far from good: Analysts reveal flash array vendors' digits

Is Google purposefully breaking Microsoft, Apple browsers on its websites? Some insiders are confident it is

Microsoft flings untested Windows 10 updates to users! (Oh no it doesn't!)

Visual Studio Code's Python extension goes to Jupyter

SAP can't thwack away Teradata's copyright infringement, antitrust sueball

Houston, we've had a problem: NASA fears internal server hacked, staff personal info swiped by miscreants

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'

German cybersecurity chief: Anyone have any evidence of Huawei naughtiness?

Memes, messengers, and missiles: From Twitter to chat apps and weapons, security is ho-ho-hosed this Xmas

CLL '19 to span DevOps, Containers, Continuous Delivery and Serverless

Kubernetes has become 'boring' and that's good, Google tells devs

JFrog to open freebie central repository for Go fans in the new year

Need continuous Kubernetes satisfaction? CloudBees has just the thing

Bonne année, Google, Facebook! France to tax tech giants from 1 Jan

Silent night, social fight: Is Instagram the new Facebook for pro-Trump Russian propagandists?

Spending watchdog points finger at Capita for 1,300 shortfall in British Army rookies

Postmates plans rollout of autonomous delivery robots in US

Newsflash: Twitter still toxic place for women, particular those of color, Amnesty study finds

The Palm Palm: The Derringer of smartphones

Apple iPhone X screen falls short of promises, lawsuit says

Razer offers freebies to gamers who descend into its coin mine

Geek's Guide

Scrubtastic end to 2018 as SpaceX, Blue Origin, Arianespace all opt for another day on Earth

Brexit-dodging SCISYS Brits find Galileo joy in Dublin

Happy Christmas! Bloodhound SSC refuelled by Yorkshire business chap

Astroboffins spy a rare exoplanet evaporating before their eyes

Brit startup Graphcore tossed a £200m early Christmas pressie for machine learning CPU

It's beginning to look a lot like multi-threaded CPUs, everywhere you go... Arm teases SMT Cortex-A65AE car brains

Ding dong merrily on high. In Berkeley, the bots are singeing: Self-driving college cooler droid goes up in flames

Amazon's creepy facial recog doorbell, Facebook open sources machine learning code and much more

Verity Stob

Pork pulled: Plug jerked out of beacon of bacon delight

Oh Deer! Poacher sentenced to 12 months of regular Bambi screenings in the cooler

Boffins don't give a sh!t, slap Trump's face on a turd in science journal

No not THAT kind of Office Wizard! Roll a diplomacy check to win the election: Vote tie resolved by a D20

Articles about vulnerabilities

I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000

A bloke has told how he discovered a bug in Valve's Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – …

9 Nov 2018

Woman says oops after data breach... or spome other mistake, possibly. Illustration by Shutterstock/sergey sobin

Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software

Cisco this week patched critical vulnerabilities in its switches, Stealthwatch, and Unity voice messaging system. Oh, and 'fessed up that it accidentally shipped software that included in-house-developed exploit code for attacking Linux systems via the Dirty COW flaw. The networking giant also announced it has begun combing …

8 Nov 2018

Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP

The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework. A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5. …

7 Nov 2018

Uncle Sam, D-Link told to battle in court over claims of shoddy device security: Judge snubs summary judgment bids

America's trade watchdog's case against network device maker D-Link will go ahead next January – after a district judge rebuked the two sides for wasting money drawing up and filing demands for summary judgments. The US Federal Trade Commission (FTC) brought its lawsuit against Taiwanese D-Link early last year in California, …

6 Nov 2018

This one weird trick turns your Google Home Hub into a doorstop

UpdatedA security researcher says an undocumented API in the Google Home Hub assistant can be exploited to kick the gizmo off its own wireless network. Flaw finder Jerry Gamblin says the API allows the device to receive commands from systems and handhelds sharing its local wireless network that can, among other things, reboot the …

31 Oct 2018

You patch my back(up) and I'll patch yours... Arcserve bugs burrow remotely exploited holes in UDP storage systems

Companies running Arcserve Unified Data Protection to manage their backups and archives are being advised to update their software after bug hunters discovered four remotely exploitable security vulnerabilities. Researchers with Digital Defense identified this month four holes that, if exploited via a phishing attack or …

24 Oct 2018

Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps. The software sniffers said they first came across the exploitable programming blunder while digging into webpage …

12 Oct 2018

Rap for WhatsApp chat app chaps in phone-to-pwn security nap flap

WhatsApp has patched a vulnerability it its smartphone code that could have been exploited by miscreants to crash victims' chat app simply by placing a call. Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported the flaw, a memory heap overflow issue, directly to WhatsApp in August. …

9 Oct 2018

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet. Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass …

18 Sep 2018

Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

An infosec bod has documented a remote-code execution flaw in Alpine Linux, a distro that pops up a lot in Docker containers. Max Justicz, researcher and creator of crowd-sourced bug bounty system Bountygraph, said on Thursday that the vulnerability could be exploited by someone with man-in-the-middle (MITM) network access, or …

15 Sep 2018

When is a patch not a patch? When it's for this McAfee password bug

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …

11 Sep 2018

Want a $200k TIP? ZDI sticks bounties on bugs in big-name server code

A bunch of new bug bounty rewards are up for grabs from the Zero Day Initiative, in a first-come, best-dressed program kicking off on August 1. The Trend Micro-backed operation announced on July 24 what it called the Targeted Incentive Program (TIP). Besides the mention of Microsoft Windows Server 2016, the TIP focuses paying …

25 Jul 2018

Telco IT admins on red alert as Cisco flings out patches for security holes in policy toolkit

Cisco has emitted 25 product security advisories – with four critical bugs flattened in its service provider-oriented Cisco Policy Suite. The suite’s Policy Builder toolkit can be exploited by an unauthenticated remote attacker to gain access to its policy interface, due to an authentication bug (CVE-2018-0376). The switch …

19 Jul 2018

plasters cover arm. photo by shutterstock

Finance sector is littered with vulns, and guess what – most can be resolved by patching

Security vulnerabilities across the finance sector have increased more than fivefold (418 per cent) in the last four years, according to a study by NCC Group. The most common high and medium-risk vulnerabilities were found in customer-facing web apps. NCC categorised vulnerabilities found in 168 financial services …

22 Sep 2017

Older stories »

Create a news alert about vulnerabilities, or find more stories about vulnerabilities.

Ofcom: More spectrum for all the good boys and girls. Except you, EE. You've had your fill

BT: Soz about that £1.3m CEO bonus vote, shareholders. Friends?

Still using Azure Scheduler? Schedule in 30 September 2019 'cos it's being euthanised

Good from AFA... and not far from good: Analysts reveal flash array vendors' digits

Is Google purposefully breaking Microsoft, Apple browsers on its websites? Some insiders are confident it is

Microsoft flings untested Windows 10 updates to users! (Oh no it doesn't!)

Visual Studio Code's Python extension goes to Jupyter

SAP can't thwack away Teradata's copyright infringement, antitrust sueball

Houston, we've had a problem: NASA fears internal server hacked, staff personal info swiped by miscreants

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'

German cybersecurity chief: Anyone have any evidence of Huawei naughtiness?

Memes, messengers, and missiles: From Twitter to chat apps and weapons, security is ho-ho-hosed this Xmas

CLL '19 to span DevOps, Containers, Continuous Delivery and Serverless

Kubernetes has become 'boring' and that's good, Google tells devs

JFrog to open freebie central repository for Go fans in the new year

Need continuous Kubernetes satisfaction? CloudBees has just the thing

Bonne année, Google, Facebook! France to tax tech giants from 1 Jan

Silent night, social fight: Is Instagram the new Facebook for pro-Trump Russian propagandists?

Spending watchdog points finger at Capita for 1,300 shortfall in British Army rookies

Postmates plans rollout of autonomous delivery robots in US

Newsflash: Twitter still toxic place for women, particular those of color, Amnesty study finds

The Palm Palm: The Derringer of smartphones

Apple iPhone X screen falls short of promises, lawsuit says

Razer offers freebies to gamers who descend into its coin mine

Scrubtastic end to 2018 as SpaceX, Blue Origin, Arianespace all opt for another day on Earth

Brexit-dodging SCISYS Brits find Galileo joy in Dublin

Happy Christmas! Bloodhound SSC refuelled by Yorkshire business chap

Astroboffins spy a rare exoplanet evaporating before their eyes

Brit startup Graphcore tossed a £200m early Christmas pressie for machine learning CPU

It's beginning to look a lot like multi-threaded CPUs, everywhere you go... Arm teases SMT Cortex-A65AE car brains

Ding dong merrily on high. In Berkeley, the bots are singeing: Self-driving college cooler droid goes up in flames

Amazon's creepy facial recog doorbell, Facebook open sources machine learning code and much more

Pork pulled: Plug jerked out of beacon of bacon delight

Oh Deer! Poacher sentenced to 12 months of regular Bambi screenings in the cooler

Boffins don't give a sh!t, slap Trump's face on a turd in science journal

No not THAT kind of Office Wizard! Roll a diplomacy check to win the election: Vote tie resolved by a D20

Articles about vulnerabilities

I found a security hole in Steam that gave me every game's license keys and all I got was this... oh nice: $20,000

Oops: Cisco accidentally leaked in-house Dirty COW exploit code with biz conf call software

Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP

Uncle Sam, D-Link told to battle in court over claims of shoddy device security: Judge snubs summary judgment bids

This one weird trick turns your Google Home Hub into a doorstop

You patch my back(up) and I'll patch yours... Arcserve bugs burrow remotely exploited holes in UDP storage systems

Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks

Rap for WhatsApp chat app chaps in phone-to-pwn security nap flap

'I am admin' bug turns WD's My Cloud boxes into Everyone's Cloud

Docker fave Alpine Linux suffers bug miscreants can exploit to poison containers

When is a patch not a patch? When it's for this McAfee password bug

Want a $200k TIP? ZDI sticks bounties on bugs in big-name server code

Telco IT admins on red alert as Cisco flings out patches for security holes in policy toolkit

Huawei enterprise comms kit has a TLS crypto bug

Cisco passes around antidotes to noxious NX-OS code execution bugs

Loose .zips sink chips: How poisoned archives can hack your computer

Apple Mac fans told: Something smells EFI in your firmware

Finance sector is littered with vulns, and guess what – most can be resolved by patching

Most read

Dev's telnet tinkering lands him on out-of-hour conference call with CEO, CTO, MD

Who's watching you from an unmarked van while you shop in London? Cops with facial recog tech

The Palm Palm: The Derringer of smartphones

Boffins don't give a sh!t, slap Trump's face on a turd in science journal

Influential cypherpunk and crypto-anarchist Tim May dies aged 67

About us

More content

Situation Publishing

Sign up to our Newsletters