OpenSSH bug enables attackers to brute-force their way into poorly configured servers

A vulnerability in the popular secure remote access software OpenSSH can be exploited by attackers to try to brute-force their way into the connection and access …

Bug in OS X Yosemite allows attackers to gain root access

Security researcher Stefan Esser has revealed the existence of a privilege escalation vulnerability affecting OS X 10.10 (Yosemite), and has provided a working proof of …

Smartwatches: A new and open frontier for attack

Smartwatches with network and communication functionality represent a new and open frontier for cyberattack, according to HP. They found that 100 percent of the tested …

600TB of data exposed due to misconfigured MongoDB instances

Shodan, the search engine that lets users find devices connected to the Internet, can be used for a number of different things. As its creator, John Matherly, pointed out, …

Proposed Wassenaar pact changes will harm cyber defenders instead of attackers

The comment period for the proposed amendments to the Wassenaar Arrangement regarding “cybersecurity items” has ended, and the overwhelming majority of the 150+ …

Reflections on virtualization security and the VENOM vulnerability

Virtualization is undoubtedly a great IT tool that enables organizations to quickly run new instances of servers and workstations, helps isolate environments, and allows for a …

School monitoring software’s hard-coded encryption key exposed

Impero Software is the creator and seller of “Impero Education Pro”, a piece of software that’s used in many UK schools to monitor school computers for …

High severity Internet Explorer 11 vulnerability identified after Hacking Team breach

After analyzing the leaked data from last week’s attack on Hacking Team, Vectra researchers discovered a previously unknown high severity vulnerability in Internet …

Flawed Android backup mechanism can lead to injected malicious apps

A flaw (CVE-2014-7952) in Android’s backup/restore mechanism can be exploited by knowledgeable developers to “respawn” malicious apps on phones, and make …

First Java zero-day in two years exploited by Pawn Storm hackers

Another zero-day vulnerability is being exploited in attacks spotted in the wild: this time, the targeted software is Java. The flaw was spotted by Trend Micro researchers, who …

Flaw allows hijacking of professional surveillance AirLive cameras

Nahuel Riva, a research engineer from Core Security, discovered vulnerabilities in AirLive’s surveillance cameras designed for professional surveillance and security …

Old MS Office feature can be exploited to deliver, execute malware

A Microsoft Office functionality that has been in use since the early 1990s can be exploited to deliver malicious, executable files to users without triggering widely used …
