Items tagged with vulnerability

The greatest benefit wireless peripherals offer is what they help cut down on: wires. Fewer wires means that our desktops are easier to keep clean, and we're not kicking wires as often under our desk. It's a win-win overall. Or is it? As with most things convenient, wireless peripherals can suffer exploits just like anything else that's open to a wireless connection. While your keyboard is designed to handshake with an adapter that's plugged into your PC, there's usually nothing stopping the data stream from being intercepted. Though remote, no question, it could be a legitimate attack vector.... Read more...
It's not often that people feel compelled to side with Google on the topic of privacy, but the company's newest CEO, Sundar Pichai, gives us a great reason to. As Brandon covered in great detail yesterday, Apple has been ordered by U.S. Magistrate Judge Sheri Pym to provide the FBI access to an iPhone 5c that was used by the terrorists in December's San Bernardino shootings - but, there are a couple of problems with that. Apple insists that the backdoor the U.S. government wants doesn't exist, and CEO Tim Cook rages against the idea that his company should build one for any of its products. If... Read more...
If you're surfing the Internet with a browser (a rarity, we know), there's a new bug to be cautious of. With a bit of simple JavaScript, a browser's HTML5 History API can be called upon thousands of times, ultimately causing a meltdown. Of course, a dedicated website (CrashSafari.com) exists to act as a proof of concept, and of course, there are many trolls out there trying to trick you into visiting it. This prank isn't harmful, but it can still be a major nuisance. In a rare case, it could cause you to have to reboot, and almost always, it will cause you to lose your open tabs (unless you have... Read more...
2015 has proven to be a massive year for Adobe's Flash plugin, but for all the wrong reasons. Flash is already infamous for being one of the most vulnerable pieces of software on the planet, but in 2015, 316 bugs were found and squashed. That comes out to about 6 bugs per week for a piece of software that's used by the vast majority of notebook and desktop users. What's most impressive about the sheer number of bugs Flash has is the fact that ultimately, we're dealing with a mere plugin here, not a massive software package. While Flash was once considered "cool", a de facto choice for Web animation,... Read more...
We've talked lots in the past about vulnerabilities that hit home and enterprise routers, but not quite as much about cable modems, where the importance of good security is arguably even more paramount. The reason for that is that most often, customers do not have control over the firmware in such devices. If a vulnerability is found and patched, it's up to the ISP to issue it, automatically. As you might imagine, this could lead to some serious problems if your ISP isn't too on top of things. A great example of this is brought forth by security researcher Bernardo Rodrigues. He found that with... Read more...
Security firm Lookout has just revealed what could be one of the most hard-hitting pieces of malware to ever hit Android. It doesn't have an official name, except to be referred to as "trojanized adware", and right from the top, we can tell you that if you only stick to downloading apps through Google's Play Store, you have nothing to worry about. There are two things that make this piece of malware so severe. First, it's effectively wrapped around legitimate apps. Users can download these, such as Facebook and Snapchat, and install them normally. Nothing will look out-of-the-ordinary, and Google... Read more...
Mere days after it was revealed that crowdfunding website Patreon had been breached, the entire collection of stolen digital goods has been posted online. Making this leak even more severe than typical ones is that not only is user account information included, but so too is some site source code (or potentially all of it), as well as private messages. If the encrypted information can be cracked, that could result in the revealing of social security numbers and tax IDs. Patreon is a website where "patrons" are able to support their favorite content creators with a monthly subscription.... Read more...
Where computer security is concerned, it almost seems like unauthorized access can be granted via an unlimited number of ways. While computer security in the home is obviously very important, having good defenses in the enterprise market is paramount. In some cases, slipping up could result in the loss of millions of dollars, and perhaps result in a major mess to clean up. Keeping up on that security is easier said than done, though. As security firm FireEye reports, there are some layers of security that simply get overlooked far too often, but soon enough, they won't be able to be ignored. In... Read more...
Here we go again. Researchers for Tangible Security have discovered three major vulnerabilities which strike at least three different Seagate enclosures - the Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie FUEL - equipped with firmware 2.2.0.005 or 2.3.0.014. As these things go, other devices and firmware versions could be affected; these are just the ones the researchers have been able to confirm. The first bug, named CVE-2015-2874, relates to an installed telnet server that grants root access with a default password. If login is granted, havoc can be wreaked... Read more...
We reported earlier this week that a Jeep Cherokee could be remotely accessed and controlled, and I wouldn't blame anyone for being a skeptic. After all, what are the chances of someone remote being able to disable the transmission? Well, with Fiat Chrysler's response, I think that question has been answered. In a press statement issued today, the company has announced that it's recalling 1.4 million cars that are equipped with certain UConnect radios. Dodges, Jeeps, Rams, and Chryslers are affected. Ultimately, it seems like this recall isn't going to be that painful for owners of the affected... Read more...
Microsoft is plugging a security hole with a new Critical-rated security update. The patch will fix an issue in Windows and OpenType fonts that could expose users to malicious website content. So long as you have automatic updates enabled, your PC will download and install the patch, if it hasn’t already. “This security update resolves a vulnerability in Windows that could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts,” Microsoft said in a statement. It deems the hole dangerous enough to have released... Read more...
We reported last week on a new zero-day vulnerability in Adobe Flash that was revealed following the leak of data from the Italian hacking group "Hacking Team". It's hardly a surprise when such a vulnerability is found in either Flash or Java, and as sad as it is, it's not even surprising to learn that two more have been found. Oy! The latest vulnerabilities, named CVE-2015-5122 and CVE-2015-5123, are considered critical, and affect the Flash player on Windows, OS X, and Linux. A verbatim threat to last week's vulnerability, "successful... Read more...
This week, something nearly as common as breathing happened: a severe Adobe Flash vulnerability was revealed. How this one came to be, however, is far more interesting than most. Earlier this week, a well-known Italian hacking group called 'Hacking Team' was itself hacked. On Monday, the group's Twitter account was hijacked to post a link to a torrent file that includes about 400GB worth of its data. We're now finding out that this data could have huge repercussions for software vendors and regular consumers alike. Because Hacking Team's efforts largely revolve around exploiting bugs in popular... Read more...
Jan Souček, a security researcher from Prague, has uncovered a vulnerability in the security of the iOS Mail application that nefarious types can deploy against users of the app to gain access to their iCloud passwords. The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information. Specifically,... Read more...