vulnerability Archives - Help Net Security

Don't miss:

Decryption key for Apple iOS Secure Enclave Processor firmware revealed

Attackers turn to auto-updating links instead of macros to deliver malware

New infosec products of the week: August 18, 2017

binary

Two Foxit Reader RCE zero-day vulnerabilities disclosed

August 18, 2017
0-day
Foxit
vulnerability

Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one …

Chrome

Google Chrome remote code execution flaw detailed, PoC released

August 17, 2017
Chrome
PoC
vulnerability

Vulnerability broker Beyond Security has released details about and Proof of Concept code for a remote code execution bug affecting Google Chrome. “The [type confusion] …

DNA

Researchers pull off DNA-based malicious code injection attack

Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a …

Law legislation

PACER vulnerability allowed hackers to access legal docs while sticking others with the bill

August 10, 2017
PACER
USA
vulnerability

A CSRF flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged. What is PACER? …

Microsoft

Microsoft fixes 25 critical issues in August Patch Tuesday

The Microsoft August 2017 Patch Tuesday update has landed and contains patches for 48 vulnerabilities, 25 of which are for critical issues. 27 of the vulnerabilities can be …

Siemens

Siemens CT scanners open to remote compromise via publicly available exploits

Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand. …

fuzzing

Microsoft opens fuzz testing service to the wider public

Microsoft Security Risk Detection, a cloud-based fuzz testing service previously known under the name Project Springfield, is now open to all and sundry. Fuzz testing (i.e. …

car wash

Hackable smart car wash systems can hurt people

Two years after researchers Billi Rios and Terry McCorkle first flagged serious vulnerabilities in automatic, smart car wash systems by US manufacturer PDQ, the company is …

smart grid

How to protect the power grid from low-budget cyberattacks

Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources …

danger

Security vulnerabilities in radiation monitoring devices

IOActive researcher Ruben Santamarta has uncovered a number of cybersecurity vulnerabilities in widely deployed Radiation Monitoring Devices (RDMs), and has presented his …