Editor’s note: 4 Flaws is a new column where I’ll recap 4 vulnerabilities per month. With that, here are the flaws making news of late: 1.) Hackers target Huawei for “insecure coding practices and lack of security transparency.” Security researchers unveiled critical holes in routers from Chinese networking and telecommunications equipment manufacturer Huawei at Defcon in July. A session hijack, heap overflow and stack overflow were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to hijack the devices, researcher Felix Lindner, said. 2.) Researcher shows off Windows 8 attacks. There are at least three attack points in Windows 8 that could uncover exploitable vulnerabilities, said researcher Sung-ting Tsai, leader of an advanced threat research team for Trend Micro. 3.) Vulnerabilities found in three popular payment terminal models can result in credit card data theft, researchers say. Three widely deployed payment terminals have security holes attackers could exploit to steal credit card data and PINs. Researchers Nils and Rafael Dominguez Vega showed off the flaws at Black Hat. 4.) Researcher demos NFC-based smartphone hacking. Accuvant Labs researcher Charlie Miller demoed a way to break into both the Google/Samsung Nexus Sand Nokia N9 via Near Field Communication (NFC) capability in the smartphones. Miller showed Black Hat attendees how it’s possible to set up NFC-based radio communication to share content with the smartphones to play such tricks as writing an exploit to crash phones and even in certain circumstances read files on the phone. Contributors to this report: Lucian Constantin Ellen Messmer and Tim Greene Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe