I missed this one over the holiday week. Maybe many of you did too.
Apparently there is yet another vulnerability in the OpenSSH server.
The kicker is, this one was fixed before, but somehow it came back, thus it has been named RegreSSHion...
Hi,
I know that Windows 7 support ended back in January this year. I saw a comment that said if you still keep using it you will get hacked.
How true is that comment?
How will I get hacked if I don't go to malicious websites and use NOD32?
Also, can my PC get hacked just by being on idle...
The Department of Homeland Security (DHS) has issued a cybersecurity warning that documents vulnerabilities in the Medtronic Conexus Radio Frequency Telemetry Protocol. Medtronic makes cardio-defibrillators that are planted into a patient's chest and can be read and programmed by trained medical...
Refrigerators worldwide featuring temperature control systems from Resource Data Management still have the default password "1234" as their login. "These systems all use the unsecured HTTP protocol and the 9000 port (or sometimes 8080, 8100, or even simply 80)." Israeli security activists Noam...
A security researcher from Tenable Research discovered a hardcoded backdoor in the 3.1.190 PremiSys IDenticard system that "allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function." Security...
Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as...
The Wall Street Journal is reporting that the U.S. Navy and Air Force are the focus of new cyberattacks as the hackers search the computer systems of contractors to find classified advanced military technology. A Chinese hacking group known as Temp.Periscope or Leviathan is using email phishing...
A new Google+ API bug has been discovered and it affects 52 million consumers and enterprise customers. Google discovered the bug and believes that no app developers knew of or exploited the system in the 6 days that the bug was present. This discovery has made Google rethink the August 2019...
The U.S. Department of Justice has unsealed an indictment of two Iranians for computer hacking and deploying a crippling style of ransomware called "SamSam Ransomware" onto American and Canadian public institutions such as hospitals and municipalities. Faramarz Shahi Savandi, 34, and Mohammad...
Sennheiser HeadSetup and HeadSetup Pro were recently updated because the softphone applications installed root certificates and then leaked the private keys. Malicious actors could extract the private keys and use them to spoof other websites and software publishers. To fix the issue...
PortSmash is a new hardware level side channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in...
For the past 3 years, Google has been paying top researchers for submitting vulnerability reports about flaws and bugs in the Android ecosystem. Recently the Android Security Rewards (ASR) just exceeded the $3 million mark in rewards to researchers. This year alone 470 qualifying vulnerability...
Google security researcher David Tomaschik discovered an exploit that allowed him access to any RFID keycard enabled door on the Google campus. By analyzing the seemingly random lock and unlock codes that his door sent through the Google network, he was able to discover the encryption key...
Microsoft Patch Tuesday has implemented fixes and improvements to address the newly disclosed Intel L1 Terminal Fault (L1TF). AMD's Bulldozer and Jaguar processors reclaim lost performance as an issue that caused high CPU usage and degradation with Family 15h and 16h AMD processors was...
Intel has adopted a release schedule for new Spectre vulnerability disclosures. According to The Register, starting today new patches will be released quarterly to patch the latest exploits. This is akin to the Windows Patch Tuesday. I never thought that hardware would have a patch release...
Two questions:
How do you test or check for Spectre / Meltdown vulnerability?
Do we know, yet, in what CPU these will be fixed at hardware level? So will 9th generation Intel CPUs be "immune" for example?
I ask the second question because it seems like new "variants" of the above...
There's a new Core processor vulnerability that Intel has just announced and they consider this one to be of moderate severity. The Lazy FP state restore technique is the cause of this vulnerability and Intel is recommending that developers use the Eager FP state restore instead of Lazy FP state...
Hey guys,
Back in January MSI put out a press release that they were coming out with a new BIOS for a ton of mobos - including my X99S XPOWER AC - http://www.guru3d.com/news-story/msi-releases-bios-updates-to-address-recent-vulberabilities.html - however, the firmware mentioned (E7881IMS.1C0)...
Don't delete your Steam client. The vulnerability has been fixed, but the simple fact of the matter is it was just sitting there for at least ten years. This was a nasty vulnerability that would allow remote code execution on the computer hosting the client. There were no known attacks using...
Cisco is constantly releasing security advisories for their products, but the recent advisory has an interesting little tidbit about a hardcoded password. Believe it or not their Prime Collaboration Provisioning software app has a hardcoded password that can be exploited by a local attacker...
Gibson Research has released a new tool called InSpectre to detect if your PC is vulnerable to Meltdown and Spectre. The tiny 122 KB program runs in place and checks identifiers as well as Microsoft updates to be sure you are protected from these flaws.
Very cool little piece of software...
Security researcher Ricky Lawshae has discovered a nasty vulnerability in the Linksys wireless video bridge provided with DirecTV's Genie server. This vulnerability allows a user to gain root access on the device and then install malware or backdoors without detection. You would think...
Appthority on Thursday warned that up to 700 apps in the enterprise mobile environment, including more than 170 that were live in official app stores, could be at risk due to the Eavesdropper vulnerability. The vulnerability has resulted in large-scale data exposure, Appthority said. This...
NATO's Cooperative Cyber Defence Centre of Excellence has published a research paper claiming that IPv4 to IPv6 transition tools have security holes that can be utilized to create undetectable communications channels across networks. Through these channels an attacker could exfiltrate data and...
It seems like the last couple of weeks have been pretty rough for LastPass. Tavis Ormandy at Google's Project Zero team apparently had a shower epiphany, and found yet another vulnerability in LastPass resulting in arbitrary code execution. That's quite a lot accomplished before putting your...
Whenever governments or companies release documentation late in the day on a Friday, you can be pretty sure it's something they hope people won't notice. Such is probably the case with CVE-2017-3881, a vulnerability Cisco discovered in its IOS and IOS XE software which could allow an attacker...
If you use VMware's DaaS, vCenter, vROps or Hyperic, right about now would be a good time to apply the latest patch for VMware Security Advisory VMSA-2017-0004.3, which allows for remote code execution and complete system compromise. Personally I wouldn't want to leave vCenter 6.0 or 6.5...
Many of our pro-sumer readers, myself included, have come to like Ubiquiti Networks products over the years for their enterprise-like reliability and management capabilities, but their consumer-like pricing. I should know, I am one of them. The Reg has a story up that might cast some doubt on...
Well, it looks like the CIA might have been slacking on this one, as they were apparently unaware of any method to break popular encrypted messaging clients remotely, instead having to take the circuitous route of first compromising the handset itself in order to listen in on communications...