Articles about vulnerability

So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks

Bsides Manchester: A newly discovered WordPress flaw has left installs of the ubiquitous content management system potentially vulnerable to hacking. A security shortcoming within WordPress's PHP framework can be leveraged by logged-in non-admin users to run arbitrary malicious code and commands on the host servers, infosec consultancy Secarma …
John Leyden, 20 Aug 2018

CVE? Nope. NVD? Nope. Serious must-patch type flaws skipping mainstream vuln lists – report

The first half of 2018 saw a record haul of reported software vulnerabilities yet a high proportion of these won’t appear in any mainstream flaw-tracking lists, researcher Risk Based Security (RBS) has claimed. According to the company’s estimate, from the beginning of the year until June 30 it recorded a total of 10,644 …
John E Dunn, 14 Aug 2018

Batten down the ports: Linux networking bug SegmentSmack could remotely crash systems

A networking flaw has been discovered in the Linux kernel that could trigger a remote denial-of-service attack. Versions 4.9 and up are "vulnerable to denial-of-service conditions with low rates of specially crafted packets", according to a US-CERT advisory this week. The bug is being tracked as SegmentSmack (CVE-2018-5390). …
John Leyden, 7 Aug 2018

SoftNAS no longer a soft touch for hackers (for now)... Remote-hijacking vulnerability patched

SoftNAS has plugged a serious vulnerability in its cloud storage management tool that can be exploited to execute malicious code on a victim's server. Core Security's Fernando Díaz and Fernando Catoira discovered the command-injection security flaw in the StorageCenter component of SoftNAS Cloud version pre-4.0.3. The …
John Leyden, 30 Jul 2018

Dust yourself off and try again: Ancient Solaris patch missed the mark

A vulnerability first detected and "resolved" years ago in Oracle's Unix OS, Solaris, has resurfaced, necessitating a fix in Big Red's latest quarterly patch batch. Rather than a Lazarus-like return from the dead, it's more a case of security researchers discovering that the original fix, for a component that's become known as …
John Leyden, 24 Jul 2018

Big bad Bluetooth blunder bug battered – check for security fixes

With a bunch of security fixes released and more on the way, details have been made public of a Bluetooth bug that potentially allows miscreants to commandeer nearby devices. This Carnegie-Mellon CERT vulnerability advisory on Monday laid out the cryptographic flaw: firmware or operating system drivers skip a vital check …

Adobe on internal systems security hole: Panic not. It isn't critical

Adobe has attempted to play down the significance of a vulnerability in its internal systems. Bug hunters at an outfit called Vulnerability Laboratory claimed they had discovered a remote code execution hole in one of the Photoshop giant's main staff-only database systems – a weakness that was only corrected on Saturday. …
John Leyden, 19 Jul 2018

Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow

Russia's vulnerability database is much thinner than its US or Chinese counterparts – but it does contain a surprisingly high percentage of security bugs exploited by its cyber-spies. Recorded Future's Priscilla Moriuchi and Dr Bill Ladd found the database is highly focused yet incomplete, slow to update, and "likely intended …
John Leyden, 17 Jul 2018

GitHub to Pythonistas: Let us save you from vulnerable code

GitHub's added Python to the list of programming languages it can auto-scan for known vulnerabilities. In March, the social code-host added Ruby and JavaScript libraries to the dependency graph service it announced last year. Your code is RUBBISH, says GitHub. Good thing we're here …

AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers

HPE servers running unpatched enterprise software are trivially easy to exploit with just one line of code, it has emerged. The script kiddie-friendly attack route dumbs down exploitation of a severe vulnerability dating from last year which stemmed from coding flaws in HPE's Integrated Lights-Out 4 (iLO 4), a tool for …
John Leyden, 11 Jul 2018

Windows 10's defences are pretty robust these days, so of course folk are trying to break them

Hackers have been experimenting with a newly discovered technique to commandeer Windows 10 boxes. The approach, revealed at the start of June, relies on abusing Windows Settings files (.SettingContent-ms), an XML file type introduced in Windows 10. The technology allows users to create "shortcuts" to various Windows settings …
John Leyden, 5 Jul 2018

Thunderbird gets its EFAIL patch

Thunderbird has pushed code with fixes for a dozen security vulnerabilities – including the EFAIL encryption mess that emerged in May. The EFAIL-specific fixes address two errors in Thunderbird's handling of encrypted messages: CVE-2018-12372, in which an attacker can build S/MIME and PGP decryption oracles in HTML messages; …

GnuPG patched to thwart 'fake filename'

If you're a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug. The short version, given in CVE-2018-12020, is that mainproc.c mishandles the filename, and as a result, an attacker can spoof the output it sends to other programs. “For example, the OpenPGP data might represent an …

Spectre-protectors: If there's something strange in your CPU, who you gonna call?

Enhanced Spectre-protectors will soon come to the Chrome browser, as its desktop stable channel hit version 67.0.3396.62 and upgrades for Windows, Mac and Linux have started to flow. The Spectre mitigation comes in the form of enhanced site isolation, first introduced in Chrome 63, in which pages from different sites run in …

ISP popped router ports, saving customers the trouble of making themselves hackable

Singaporean broadband subscribers were left vulnerable to attackers after their ISP opened remote access ports on their gigabit modems and forgot to close them. The discovery was made by NewSky Security researcher Ankit Anubhav, who used Shodan to scan for SingTel routers open on port 10,000 – the default Network Data …

Softbank's 'Pepper' robot is a security joke

Softbank's popular anthropomorphic robot, Pepper, has myriad security holes according to research published by Scandinavian researchers earlier this month. The 'bot allows unauthenticated root-level access, runs a Meltdown/Spectre-vulnerable processor, can be administered over unencrypted HTTP and has a default root password …

Electron patches patch after security researcher bypassed said patch

In an update last week, the developers of Electron – the toolkit used to craft widely used apps from Skype and Slack to Atom – shipped a patch to their January patch, and now, an infosec researcher has explained why. A remote-code execution vulnerability, CVE-2018-1000006, was found in Windows applications developed using …

Big bimmer bummer: Bavaria's BMW buggies battered by bad bugs

A security audit conducted by Tencent's Keen Security Lab on BMW cars has given the luxury automaker a handy crop of bugs to fix – including a backdoor in infotainment units fitted since 2012. Now that the patches are gradually being distributed to owners, the Chinese infosec team has gone public with its security audit, …


Biting the hand that feeds IT © 1998–2018