vulnerability

  1. B

    Using Windows 7 Will Get You Hacked?

    Hi, I know that Windows 7 support has ended back in January this year. I saw a comment that said if you keep using it still you will get hacked. How true is that comment? How will I get hacked if I don't go to malicious websites and use NOD32? Also, can my PC get hacked just by being on idle...
  2. Pieter3dnow

    Dell PCs ship with DLL hijacking bug

    https://fudzilla.com/news/48929-dell-pcs-ship-with-dll-hijacking-bug
  3. cageymaru

    The DHS Issues Medical Advisory for Medtronic Cardiac Devices

    The Department of Homeland Security (DHS) has issued a cybersecurity warning that documents vulnerabilities in the Medtronic Conexus Radio Frequency Telemetry Protocol. Medtronic makes cardio-defibrillators that are planted into a patient's chest and can be read and programmed by trained medical...
  4. cageymaru

    Thousands of IoT Refrigerators Worldwide Are Using Default Passwords

    Refrigerators worldwide featuring temperature control systems from Resource Data Management still have the default password "1234" as their login. "These systems all use the unsecured HTTP protocol and the 9000 port (or sometimes 8080, 8100, or even simply 80)." Israeli security activists Noam...
  5. cageymaru

    PremiSys IDenticard System Vendor Ignores Security Researcher Findings

    A security researcher from Tenable Research discovered a hardcoded backdoor in the 3.1.190 PremiSys IDenticard system that "allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and pretty much any other administrative function." Security...
  6. cageymaru

    Microsoft Releases Emergency Security Update for Actively Exploited Vulnerability

    Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as...
  7. cageymaru

    Chinese Hackers Are Targeting U.S. Military Contractors

    The Wall Street Journal is reporting that the U.S. Navy and Air Force are the focus of new cyberattacks as the hackers search the computer systems of contractors to find classified advanced military technology. A Chinese hacking group known as Temp.Periscope or Leviathan is using email phishing...
  8. cageymaru

    New Google+ API Bug Affects 52 Million Consumers and Enterprise Customers

    A new Google+ API bug has been discovered and it affects 52 million consumers and enterprise customers. Google discovered the bug and believes that no app developers knew of or exploited the system in the 6 days that the bug was present. This discovery has made Google rethink the August 2019...
  9. cageymaru

    The U.S. Department of Justice Indicts Two Iranians of Deploying SamSam Ransomware

    The U.S. Department of Justice has unsealed an indictment of two Iranians for computer hacking and deploying a crippling style of ransomware called "SamSam Ransomware" onto American and Canadian public institutions such as hospitals and municipalities. Faramarz Shahi Savandi, 34, and Mohammad...
  10. cageymaru

    Sennheiser HeadSetup Pro Vulnerability Leaked Private Keys

    Sennheiser HeadSetup and HeadSetup Pro were recently updated because the softphone applications installed root certificates and then leaked the private keys. Malicious actors could extract the private keys and use them to spoof other websites and software publishers. To fix the issue...
  11. cageymaru

    Intel CPUs Are Vulnerable to New PortSmash Side-Channel Exploit

    PortSmash is a new hardware level side channel exploit that leaks encrypted data from a computer's memory or CPU. Scientists can use multiple ways to record and analyze the data to break encryption algorithms and recover the CPU's data. Researchers from Tampere University of Technology in...
  12. cageymaru

    Android and Google Play Security Rewards Programs Surpass $3 Million in Payouts

    For the past 3 years, Google has been paying top researchers for submitting vulnerability reports about flaws and bugs in the Android ecosystem. Recently the Android Security Rewards (ASR) just exceeded the $3 million mark in rewards to researchers. This year alone 470 qualifying vulnerability...
  13. cageymaru

    Hardware Vulnerable to Google RFID Keycard Door Hack Still in Use by Other Companies

    Google security researcher David Tomaschik discovered an exploit that allowed him access to any RFID keycard enabled door on the Google campus. By analyzing the seemingly random lock and unlock codes that his door sent through the Google network, he was able to discover the encryption key...
  14. cageymaru

    Microsoft Patch Tuesday Addresses Intel L1 Terminal Fault Vulnerability

    Microsoft Patch Tuesday has implemented fixes and improvements to address the newly disclosed Intel L1 Terminal Fault (L1TF). AMD's Bulldozer and Jaguar processors reclaim lost performance as an issue that caused high CPU usage and degradation with Family 15h and 16h AMD processors was...
  15. cageymaru

    Intel Spectre Vulnerabilities Now Have a Release Schedule

    Intel has adopted a release schedule for new Spectre vulnerability disclosures. According to The Register, starting today new patches will be released quarterly to patch the latest exploits. This is akin to the Windows Patch Tuesday. I never thought that hardware would have a patch release...
  16. O

    How do you test for Spectre/Meltdown vulnerability? In what CPU will it be fixed at hardware level?

    Two questions: How do you test or check for Spectre / Meltdown vulnerability? Do we know, yet, in what CPU these will be fixed at hardware level? So will 9th generation Intel CPU's be "immune" for example? I ask the second question because it seems like new "variants" of the above...
  17. DooKey

    Intel Announces New Speculative Execution Side Channel Vulnerability

    There's a new Core processor vulnerability that Intel has just announced and they consider this one to be of moderate severity. The Lazy FP state restore technique is the cause of this vulnerability and Intel is recommending that developers use the Eager FP state restore instead of Lazy FP state...
  18. S

    MSI X99S XPOWER AC Spectre/Meltdown BIOS?

    Hey guys, Back in January MSI put out a press release that they were coming out with a new BIOS for a ton of mobos - including my X99S XPOWER AC - http://www.guru3d.com/news-story/msi-releases-bios-updates-to-address-recent-vulberabilities.html - however, the firmware mentioned (E7881IMS.1C0)...
  19. DooKey

    Steam Client had a Remote Code Execution Vulnerability for at Least 10 Years

    Don't delete your Steam client. The vulnerability has been fixed, but the simple fact of the matter is it was just sitting there for at least ten years. This was a nasty vulnerability that would allow remote code execution on the computer hosting the client. There were no known attacks using...
  20. DooKey

    Hardcoded Password Found in Cisco Software

    Cisco is constantly releasing security advisories for their products, but the recent advisory has an interesting little tidbit about a hardcoded password. Believe it or not their Prime Collaboration Provisioning software app has a hardcoded password that can be exploited by a local attacker...
  21. R

    New Tool Detects If Your PC Is Vulnerable To Meltdown And Spectre

    Gibson Research has released a new tool called InSpectre to detect if your PC is vulnerable to Meltdown and Spectre. The tiny 122 KB program runs in place and checks identifiers as well as Microsoft updates to be sure you are protected from these flaws. Very cool little piece of software...
  22. DooKey

    DirecTV Wireless Kit has an Unpatched Vulnerability

    Security researcher, Ricky Lawshae, has discovered a nasty vulnerability in the Linksys wireless video bridge provided with DirecTv's Genie server. This vulnerability allows a user to gain root access on the device and then install malware or backdoors without detection. You would think...
  23. DooKey

    Eavesdropper Vulnerability Exposes Hundreds of Mobile Apps

    Appthority on Thursday warned that up to 700 apps in the enterprise mobile environment, including more than 170 that were live in official app stores, could be at risk to due to the Eavesdropper vulnerability. The vulnerability has resulted in large-scale data exposure, Appthority said. This...
  24. Schtask

    IPV6 Transistion Tools Raise Security Concerns

    NATO's Cooperative Cyber Defence Centre of Excellence has published a research paper claiming that IPv4 to IPv6 transition tools have security holes that can be utilized to create undetectable communications channels across networks. Through these channels an attacker could exfiltrate data and...
  25. Zarathustra[H]

    LastPass Working on Yet Another Security Fix

    It seems like the last couple of weeks have been pretty rough for LastPass. Tavis Ormandy at Googles Project Zero team apparently had a shower epiphany, and found yet another vulnerability in LastPass resulting in arbitrary code execution. That's quite a lot accomplished before putting your...
  26. Zarathustra[H]

    Cisco Finds Vulnerability in its IOS Software by Reviewing CIA Vault 7 Leak

    Whenever governments or companies release documentation late in the day on a Friday, you can be pretty sure it's something they hope people won't notice. Such is probably the case with CVE-2017-3881, a vulnerability Cisco discovered in its IOS and IOS XE software which could allow an attacker...
  27. Zarathustra[H]

    Critical VMWare Security Advisory VMSA-2017-0004.3

    If you use VMWare's DaaS, vCenter, vROps or Hyperic, right about now would be a good time to apply the latest patch for VMware Security Advisory VMSA-2017-0004.3, which allows for remote code execution and complete system compromise. Personally I wouldn't want to leave vCenter 6.0 or 6.5...
  28. Zarathustra[H]

    Ubiquiti Routing Products Vulnerable to Hijack due to Use of 20 Year Old Version of PHP

    Many of our pro-sumer readers, myself included, have come to like Ubiquiti Networks products over the years for their enterprise-like reliability and management capabilities, but their consumer-like pricing. I should know, I am one of them. The Reg has a story up that might cast some doubt on...
  29. Zarathustra[H]

    Vulnerability in WhatsApp and Telegram Allowed Complete Account Takeover

    Well, it looks like the CIA might have been slacking on this one, as they were apparently unaware of any method to break popular encrypted messaging clients remotely, instead having to take the circuitous route of first compromising the handset itself in order to listen in on communications...
Back
Top