vulnerability
“Secure” UK hotel booking site leaking customer data
An infosec consultant looking to book a hotel via HotelHippo.com, owned by HotelStayUK, has ultimately discovered that the website is definitely not to be trusted with private …
Bug in WordPress plugin allows unauthorized file upload
WordPress users who also use the MailPoet plugin are urged to update it as soon as possible, as all versions but the latest one are plagued with a critical flaw that could …
Facebook SDK flaw allows unauthorized access to Facebook accounts
MetaIntell has uncovered a significant security vulnerability in the Facebook SDK (V3.15.0) for both iOS and Android. Dubbed Social Login Session Hijacking, when exploited …
PayPal 2FA flow partially mitigated, accounts are safe
In the wake of the revelation of a flaw that allows attackers to bypass PayPal’s two-factor authentication feature, the e-payment giant has made it temporarily …
Critical Android code-execution flaw affects all but the latest version
IBM researchers have discovered a critical security vulnerability in Android 4.3 (Jelly Bean) and below which could allow attackers to exfiltrate sensitive information – …
Drastic decline in vulnerable NTP servers due to Heartbleed?
In light of the escalation of DDoS attacks used as a means of extorting money from online businesses, the news that there has been a significant decrease in vulnerable Network …
Critical flaw exposes admin passwords of nearly 32,000 servers
Over 30,000 servers with Supermicro baseboard management controllers (BMCs) on their motherboards are offering up administrator passwords to anyone who knowns where to look, …
Microsoft patches DoS flaw in its Malware Protection Engine
Microsoft has released an update for its Malware Protection Engine to fix a privately reported security vulnerability that could allow a denial of service if the Microsoft …
Analysis of 3000 vulnerabilities in SAP
According to official information from SAP portal, more than 3000 vulnerabilities have been closed by SAP. Here are 6 highlights from a research conducted by the ERPScan team …
OpenSSL releases patches for critical MITM, code execution flaws
OpenSSL users, you need to patch again. The OpenSSL team released a security update that fixes 6 vulnerabilities, two of which could be considered critical. The first one is …
Critical bug in GnuTLS crypto library could allow malicious code execution
Another critical bug in an open source SSL/TLS (and DTLS) cryptographic library has been discovered and patched last week. The affected library is GnuTLS, and is used in a …
Cupid exploits Heartbleed bug on WiFi networks and Android
Nearly two months have passed since the public revelation of the Heartbleed bug affecting the widely used open source cryptographic library OpenSSL. The reaction of the …
Featured news
Sponsored
Don't miss
- Most people still rely on memory or pen and paper for password management
- What AI can tell organizations about their M&A risk
- Breaking down the numbers: Cybersecurity funding activity recap
- Applying DevSecOps principles to machine learning workloads
- Overcoming GenAI challenges in healthcare cybersecurity