Vulnerabilities

Vulnerabilities news, information, and how-to advice

Recent MySQL vulnerability a lesson in privilege assignments

A recently disclosed flaw in MySQL seems to be more about permissions than remote code execution (RCE). While the flaw is a bit over-hyped, the underlying problems are legit concerns for organizations that just slap a web server...

Half of network management systems vulnerable to injection attacks

Cross-site scripting and SQL injection attacks are well-known threats for public-facing Web applications, but internal systems can be attacked as well. For example, about half of network management systems studied had these...

Security Solved: Company says their tech renders servers hack proof

A company calling itself HackProof Systems Inc. has launched a contest that will pay $5,000 to the first person who can crack a server protected by their technology. The company makes no mention of any rules of engagement, nor do they...

FBI: Common scanning tools used to target state election systems

An FBI memo citing information released by MS-ISAC says that foreign actors are using common scanning tools to locate vulnerable election systems. There is evidence to suggest, but not conclusively prove, that at least two incidents...

Social media, the gateway for malware

Social media sites, largely outside of enterprise control, are rich with personal information for malicious actors.

Deception technology grows and evolves

Deception technologies such as honeypots are becoming increasingly popular with enterprises as the products get more flexible and the tools allow security analysts swamped with incident reports to zero in on cases of actual ongoing...

Medical device security ignites an ethics firestorm

One security research company is taking a controversial approach to disclosing vulnerabilities: It’s publicizing the flaws as a way to tank a company’s stock.

Opera warns Sync users of possible data breach

On Friday, Opera, the Norwegian company responsible for the popular browser, warned users that the Opera Sync service might have been compromised. In response, the company issued a forced password reset for all Sync users.

NASA CIO allows HPE contract's authority to operate to expire

In the wake of continued security problems, NASA's CIO is sending a no-confidence signal to Hewlett Packard Enterprise, which received a $2.5 billion contract in 2011 to address problems with the agency's outdated and insecure...

vBulletin vulnerabilities expose 27 million accounts, including gamers on mail.ru

Recently exploited software vulnerabilities in vBulletin have exposed more than 27 million accounts across nearly a dozen websites. A majority of the compromised accounts are linked to three games on mail.ru. In addition to the gaming...

Journalists are easy targets for hackers, and that shouldn't surprise anyone

Earlier today, the news broke that Russian intelligence is suspected of hacking journalists at the New York Times and other media outlets. The idea that intelligence agencies would target the media isn't at all surprising. But what...

Attackers don't need vulnerabilities when the basics work just as well

You might not know it based on the hype and marketing dedicated to APTs and vulnerabilities, but most criminals don't need to target software or use fancy tactics to ruin a network and compromise sensitive data.

Hackers say leaked NSA tools came from contractor

On Friday, messages posted to Pastebin and Tumblr allege the recently leaked NSA files came from a contractor working a red team engagement for RedSeal, a company that offers a security analytics platform that can assess a given...

Alleged NSA data dump contain hacking tools rarely seen

A stolen cache of files that may belong to the National Security Agency contains genuine hacking tools that not only work, but show a level of sophistication rarely seen.

Cisco, Fortinet issue patches against NSA malware

Customers of Cisco and Fortinet security gear need to check that their versions of specific devices are patched against exploits made public this week as a result of a purported hack of NSA malware.

Salted Hash Rehashed: Vegas Adventures (Part I)

Welcome to a special edition of Rehashed. After a week in Las Vegas, followed by a week of nothing but sleep and pure laziness (otherwise known as vacation), we're getting back into the swing of things and catching up on the news and...

Use the internet? This Linux flaw could open you up to attack

A flaw in the Transmission Control Protocol (TCP) used by Linux since late 2012 poses a serious threat to internet users, whether or not they use Linux directly.

Samsung both denies and admits mobile payment vulnerability

Samsung said that reports of a vulnerability in Samsung Pay mobile payments were "simply not true" -- but also admitted that token skimming was, in fact, possible but difficult enough that the potential risk was acceptable.
