Articles about vulnerability

BoundHook: Microsoft downplays Windows systems exploit technique

Features of Intel MPX designed to prevent memory errors and attacks might be abused to launch assaults on Windows systems, security researchers claim. Windows 10 uses Intel MPX to secure applications by detecting boundary exceptions (common during a buffer overflow attack). An exploit technique by CyberArk Labs uses the …
John Leyden, 18 Oct 2017

Swiss banking software has Swiss cheese security, says Rapid7

Rapid7 has gone public with news of an e-commerce SQL injection vulnerability, saying it couldn't raise a response from the vendor. The software in question, SmartVista, is an e-commerce and financial product from BPC Banking, and in this post, Rapid7 says it told the company about the issue back in May 2017. The US CERT …

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'

A flaw has been found in the way the Linux kernel loads ELF files. If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application's data segment over the memory area reserved for its stack. This can result in memory corruption and possible local privilege …
John Leyden, 28 Sep 2017

Oracle corrals and patches Struts 2 vulnerabilities

Oracle has stepped outside its usual quarterly security fix cycle to address the latest Apache Struts 2 vulnerability. Ever since it emerged at the start of September, CVE-2017-9805 has been (in the words of a former Australian prime minister) “a shiver looking for a spine to crawl up”, because so many vendors use Apache to …

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Thousands of companies may be susceptible to the same type of hack that recently struck Equifax. The Equifax breach was the result of a vulnerable Apache Struts component. Software automation vendor Sonatype warns that 3,054 organisations downloaded the same Struts2 component exploited in the Equifax hack in the last 12 months …
John Leyden, 20 Sep 2017

Samsung mobile launches bug bounty program

Samsung's mobile limb has become the latest major vendor to launch a bug bounty program, and within its tight rules, it offers a tasty maximum prize of US$200,000. The bounty is for newer devices only – 38 mobile devices launched since 2016, including Galaxies S, Note, A, J, and Tab, and the top-of-the-line S8, S8+, and …

SAP E-Recruiting bug could let you stop rivals poaching your people

SAP admins, there's an e-mail system bug that could give your HR department headaches, by blocking people from registering their e-mail with its E-Recruiting system. The problem is that a registration URL provided to job-seekers is predictable, meaning an attacker could put other people's e-mails into the system and guess the …

Bish, bosh, Bashware: Microsoft downplays research on WSL Win 10 'hack' threat

Microsoft has downplayed the risks of running a Linux Bash shell command line on Windows 10 via its Windows Subsystem for Linux (WSL) feature after security researchers said the technology could help hackers smuggle malware past security scanners and onto Windows 10 machines. Researchers at Check Point say that a potential …
John Leyden, 12 Sep 2017

Another reason to hate Excel: its Macros can help pivot attacks

A white-hat has taken a good look at whether you can pivot an attack from one machine to others using Microsoft Excel, and you probably won't like what he found. The researcher, Matt Nelson of SpecterOps (@enigma0x3), writes that he's found loose default launch and access permissions, meaning a macro-based attack doesn't need …

Apache Struts you're stuffed: Vuln allows hackers to inject evil code into biz servers

Malicious code can be pushed into servers running Apache Struts 2 apps, allowing scumbags to run malware within corporate networks. The critical security vulnerability was discovered by researchers at Semmle, who today went public with their find. Apache Struts is a popular open-source framework for developing applications in …
John Leyden, 5 Sep 2017

Asterisk RTP bug worse than first thought: Think intercepted streams

One of the Asterisk bugs published last week is worse than first thought: Enable Security warns it exposes the popular IP telephony system to stream injection and interception without an attacker holding a man-in-the-middle position. A reader (@kapejod, who collaborated with @sandrogauci on the work) alerted The Register to …

Asterisk bugs make a right mess of RTP

Admins of the popular IP telephony application Asterisk have a lovely end to the week ahead of them - there are two moderate vulnerabilities, and one critical mess, that need patches. The worst of the three is this one: a bug in the Realtime Transport Protocol (RTP) stack that exposes a system to information disclosure. The …

Alert: AT&T customers with Arris modems at risk of remote hacking, claim infosec bods

Infosec consulting firm Nomotion has reported vulnerabilities in Arris broadband modems which it says are trivial to exploit and could affect nearly 140,000 devices. The report claims the modems carry hard-coded credentials, serious since a firmware update turned on SSH by default. That would let a remote attacker access …

Siemens patches one security vuln, leaves folks to block second

Siemens has plugged a man-in-the-middle vulnerability in its LOGO!8 BM FS-05 industrial automation hardware – but a second remains unpatched. The vulnerabilities were turned up by German researcher Maxim Rupp. According to Siemens' advisory, CVE-2017-12734 can be exploited by an attacker to sniff the session ID from an active …

SAP point-of-sale systems were totally hackable with $25 kit

Point-of-Sale systems from SAP had a vulnerability that allowed them to be hacked using a $25 Raspberry Pi or similar device, according to research unveiled at the Hack in the Box conference in Singapore last week. Critical vulnerabilities in SAP's POS – since resolved – created a means for hackers not only to steal customers …
John Leyden, 29 Aug 2017

VoIP bods Fuze defuse triple whammy of portal security vulnerabilities

Messaging provider Fuze has resolved a trio of vulnerabilities in its TPN Handset Portal. The access controls and authentication flaws, discovered by security tools firm Rapid7, created a means for hackers to obtain personal data about Fuze users ranging from phone numbers to email addresses and access credentials. Once …
John Leyden, 23 Aug 2017

Did ROPEMAKER just unravel email security? Nah, it's likely a feature

A new attack, dubbed ROPEMAKER, changes the content of emails after their delivery to add malicious URLs and corrupt records. The assault undermines the comforting notion that email is immutable once delivered, according to email security firm Mimecast. Microsoft reckons the issue doesn't represent a vulnerability, a stance a …
John Leyden, 23 Aug 2017

Xen fixes guest privilege escape and plenty more

Xen admins, get busy: the open source hypervisor's issued fixes for bugs that range from data corruption and leakage up to privilege escalation. Let's start with CVE-2017-12137, which could let a paravirtualized (PV) guest escalate to host privilege. It's down to a mistake in memory allocation when a PV guest is launched. …
