vulnerability
Fitness app Polar Flow reveals home addresses of soldiers, spies
Polar Flow can reveal sensitive information about the lives of users, including intelligence agents, embassy workers, military men and women, workers at nuclear weapons …
New LTE attacks can reveal accessed websites, direct victims to malicious sites
Three new attacks against the LTE 4G wireless data communications technology have been pinpointed by researchers from Ruhr University Bochum and New York University Abu Dhabi. …
Cisco plugs critical flaws in many switches, security appliances
Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its …
Vulnerability in GnuPG allowed digital signature spoofing for decades
A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected …
Researcher hacks smart fingerprint padlock in mere seconds
The Tapplock one “smart” padlock, which received many rave reviews by tech-focused news sites and YouTubers, can be forced to open in under two seconds with a …
Fooling security tools into believing malicious code was signed by Apple
The way developers of third-party security tools use the Apple code signing API could be exploited by attackers to make malicious code linger undetected on Macs, a security …
VMware plugs RCE hole in remote management agent
VMware has fixed a critical remote code execution vulnerability in VMware AirWatch Agent for Android and Windows Mobile, and is urging users to upgrade to the newest versions …
Adobe releases fix for actively exploited Flash Player zero-day
If you’re still using Flash Player, it’s time to update it again – and quickly: Adobe has just patched a critical zero day vulnerability (CVE-2018-5002) …
Vulnerable ship systems: Many left exposed to hacking
Pen Test Partners’ Ken Munro and his colleagues – some of which are former ship crew members who really understand bridge and propulsion systems – have been …
Zip Slip vulnerability affects thousands of projects
An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …
Quantifying cyber exposure: Attackers are racing ahead
Cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims, potentially siphoning sensitive data, …
New Spectre-like flaw found in CPUs using speculative execution
A new flaw that can allow an attacker to obtain access to sensitive information on affected systems has been discovered in modern CPUs. CVE-2018-3639, discovered by …
Featured news
Resources
Don't miss
- Five ways OSINT helps financial institutions to fight money laundering
- DevOps in the cloud and what is putting your data at risk
- Russian threat actors using old Cisco bug to target critical infrastructure orgs
- AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged
- Using lightweight LLMs to cut incident response times and reduce hallucinations