vulnerability
More than 900 embedded devices share hard-coded certs, SSH host keys
Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a …
Dell shipped computers with root CA cert, private crypto key included
All desktop and laptops shipped by Dell since August 2015 contain a root CA certificate (eDellRoot) complete with the private cryptographic key for it, opening users to the …
9271 crucial vulnerabilities found in 185 firmware images of embedded devices
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices – …
Cyber crooks actively hijacking servers with unpatched vBulletin installations
Administrators of vBulletin installations would do well to install the latest vBulletin Connect updates as soon as possible, as cyber crooks are actively searching for servers …
Bug in Android Gmail app allows effective email spoofing
Yan Zhu, a Technology Fellow at the Electronic Frontier Foundation, has unearthed a flaw in the Gmail Android app that can lead to very effective phishing attacks.The flaw is …
BadBarcode: Poisoned barcodes can be used to take over systems
Researchers from Tencent’s Xuanwu Lab have proved that a specially crafted barcode can be used to execute commands on a target system, saddle it with malware, or perform …
vBulletin, Foxit forums hacked, attacker exploited a zero-day flaw?
On Monday, a vBulletin support manager has announced on the company’s forums that they are forcing a password reset for all of its customers.“Very recently, our …
Open source tool checks for vulnerabilities on Android devices
OEMs like Samsung and HTC run heavily customized versions of Android. Unfortunately, the OEM patch deployment infrastructure is disorganized and too often end users are left …
Open source KeeFarce tool loots encrypted passwords stored in KeePass
Denis Andzakovic, a hacker and researcher with New Zealand-based security consultancy Security-Assessment.com, has released the source code for KeeFarce, a tool that can …
The value in vulnerability management platforms
A study conducted by Forrester Consulting assessed IT decision makers’ satisfaction with their current vulnerability management platforms and the challenges companies …
US Library of Congress makes tinkering with your car software legal
The US Digital Millennium Copyright Act (DMCA) makes it illegal to circumvent technological measures used to prevent unauthorized access to copyrighted works. But, there are …
Cloud-based vulnerability management: Top vendors in the field
With an increasingly fast-paced threat landscape threatening even the most complex network security infrastructures, vulnerability management has become essential.Many vendors …