CheckPoint infosec eggheads are today laying claim to discovering a Windows archiving security flaw that appears to have been lingering since 2005, if not earlier. The programming cockup can be potentially exploited when a user accidentally opens a malicious archive, perhaps one sent by email or downloaded from a website: …

Companies running a popular brand of industrial Ethernet switch are being advised to update their firmware ASAP following a series of bug disclosures. Security house Positive Technologies took credit today for the discovery of six CVE-listed security vulnerabilities in the Phoenix Contact FL Switch 3xxx, 4xxx, and 48xx …

VidThe bloke who found a password-spaffing bug in macOS says he won't divulge details on the flaw to Apple until the tech titan agrees to properly compensate vulnerability researchers. Germany-based freelance bug-hunter Linus Henze says the security weakness can be exploited by malware and other dodgy apps running on a Mac to …

UpdatedDating-slash-hook-up app Jack'd is exposing to the public internet intimate snaps privately swapped between its users, allowing miscreants to download countless X-rated selfies without permission. The phone application, installed more than 110,000 times on Android devices and also available for iOS, lets primarily gay and bi …

Cisco's irregular patch cycle has come round again and this time the focus is on the company's SD-WAN product. As well as high-rated bugs in Webex, small business routers and various security products, Switchzilla has disclosed one critical bug in its SD-WAN, and another four vulnerabilities rated high. That critical rating …

While admins were busy wrangling with the mass of security patches from Microsoft, Adobe, and SAP last week, Intel slipped out a fix for a potentially serious flaw in its Software Guard Extensions (SGX) technology. Chipzilla's January 8 update addresses CVE-2018-18098, an issue Intel describes as an "improper file verification …

Juniper Networks has had its first big bug day in months, with 19 patches announced covering everything from third-party package catchups to critical errors in password handling. For the sake of organisation, let's pick up patches in the Junos OS first (there being so many patches, The Register will focus on those rated "High …

A bloke has told how he discovered a bug in Valve's Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – …

Cisco this week patched critical vulnerabilities in its switches, Stealthwatch, and Unity voice messaging system. Oh, and 'fessed up that it accidentally shipped software that included in-house-developed exploit code for attacking Linux systems via the Dirty COW flaw. The networking giant also announced it has begun combing …

The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework. A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5. …

America's trade watchdog's case against network device maker D-Link will go ahead next January – after a district judge rebuked the two sides for wasting money drawing up and filing demands for summary judgments. The US Federal Trade Commission (FTC) brought its lawsuit against Taiwanese D-Link early last year in California, …

UpdatedA security researcher says an undocumented API in the Google Home Hub assistant can be exploited to kick the gizmo off its own wireless network. Flaw finder Jerry Gamblin says the API allows the device to receive commands from systems and handhelds sharing its local wireless network that can, among other things, reboot the …

Companies running Arcserve Unified Data Protection to manage their backups and archives are being advised to update their software after bug hunters discovered four remotely exploitable security vulnerabilities. Researchers with Digital Defense identified this month four holes that, if exploited via a phishing attack or …

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps. The software sniffers said they first came across the exploitable programming blunder while digging into webpage …

WhatsApp has patched a vulnerability it its smartphone code that could have been exploited by miscreants to crash victims' chat app simply by placing a call. Google Project Zero whizkid and Tamagotchi whisperer Natalie Silvanovich discovered and reported the flaw, a memory heap overflow issue, directly to WhatsApp in August. …

Miscreants can potentially gain admin-level control over Western Digital's My Cloud gear via an HTTP request over the network or internet. Researchers at infosec shop Securify revealed today the vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass …

An infosec bod has documented a remote-code execution flaw in Alpine Linux, a distro that pops up a lot in Docker containers. Max Justicz, researcher and creator of crowd-sourced bug bounty system Bountygraph, said on Thursday that the vulnerability could be exploited by someone with man-in-the-middle (MITM) network access, or …

A privilege escalation flaw in McAfee's True Key software remains open to exploitation despite multiple attempts to patch it. This according to researchers with security shop Exodus Intel, who claim that CVE-2018-6661 was not fully addressed with either of the two patches McAfee released for it. The flaw is an elevation of …