vulnerability
Exploring the dynamics of the attacker economy
Global software companies are increasingly turning to attackers for help identifying security vulnerabilities in their offerings – and they’re not the only ones. Conservative …
Cisco plugs serious flaws in Policy Suite, SD-WAN, and Nexus switches
Cisco has issued another batch of fixes, plugging a number of critical and high severity holes in its Policy Suite, SD-WAN, and Nexus products. Cisco Policy Suite Users of the …
Fitness app Polar Flow reveals home addresses of soldiers, spies
Polar Flow can reveal sensitive information about the lives of users, including intelligence agents, embassy workers, military men and women, workers at nuclear weapons …
New LTE attacks can reveal accessed websites, direct victims to malicious sites
Three new attacks against the LTE 4G wireless data communications technology have been pinpointed by researchers from Ruhr University Bochum and New York University Abu Dhabi. …
Cisco plugs critical flaws in many switches, security appliances
Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its …
Vulnerability in GnuPG allowed digital signature spoofing for decades
A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected …
Researcher hacks smart fingerprint padlock in mere seconds
The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a …
Fooling security tools into believing malicious code was signed by Apple
The way developers of third-party security tools use the Apple code signing API could be exploited by attackers to make malicious code linger undetected on Macs, a security …
VMware plugs RCE hole in remote management agent
VMware has fixed a critical remote code execution vulnerability in VMware AirWatch Agent for Android and Windows Mobile, and is urging users to upgrade to the newest versions …
Adobe releases fix for actively exploited Flash Player zero-day
If you’re still using Flash Player, it’s time to update it again – and quickly: Adobe has just patched a critical zero day vulnerability (CVE-2018-5002) …
Vulnerable ship systems: Many left exposed to hacking
Pen Test Partners’ Ken Munro and his colleagues – some of which are former ship crew members who really understand bridge and propulsion systems – have been …
Zip Slip vulnerability affects thousands of projects
An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …