Items tagged with vulnerability

There might not be a storage medium that's definitively indestructible, or perfectly reliable, but solid-state storage would rank near the top. A hard drive, for example, might be able to house an incredible amount of data, but if it's dropped to the ground, or its host PC is bumped hard enough, all of that data could effectively be ruined in the blink of an eye. Solid-state storage is a bit different. If it's jostled during operation, it won't be affected, and the same goes for experiencing a fall to the ground. But, despite its durability, it's still not indestructible or entirely reliable, and... Read more...
Last Friday, we reported on a major cyberattack involving ransomeware that hit a large number of computers - including some belonging to the UK's National Health Service. At first, the malware's reach wasn't too clear, but as the weekend went on, we learned that the number of affected PCs reached at least 200,000 worldwide. Given the nature of this beast, that is downright terrifying. The big question right now is, "Who's at fault?" The blame could easily be shifted to Microsoft, as the bug that allowed this to happen was directly attributed to its own code. While the company is to be commended... Read more...
We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously. This particular family of NSA exploits are being dubbed "DoublePulsar", and they're severe enough to warrant immediate attention to your Windows PCs. Last... Read more...
What's that in the air? Could it be the smell of egg nog and pine? Nope, it's Microsoft Patch Tuesday, of course! This month's rollout is rather large and notable for a number of reasons. However, what matters most is that if you're not up-to-date yet, you'll want to take a little trip to the Windows Update section and take care of business. Speaking of business, the advice to update is imperative for those managing user PCs in the enterprise, as this rollout of patches includes a fix for a huge bug Google disclosed one week ago. This bug, called CVE-2016-7255, is a local privilege escalation flaw... Read more...
As unfortunate as it is, it's really hard nowadays to be shocked at the thought of someone getting infected with malware, or even a piece of ransomware (which can now even affect Linux). It is still possible to get shocked though, with Betabot proving it for us. This piece of malicious software doesn't just fetch user data from an infected machine, it also infects the machine with ransomware. Oy. Betabot is arguably one of the worst types of malware out there, as it's effective at getting through security protections to find and take financial information, and then lock the machine up type before... Read more...
If you operate a Web server that runs on Linux, we're here to give you a bit of a prod in case you haven't updated it in a while. A piece of ransomware called FairWare is floating around, and as you'll soon see, its name is ironic as it's anything but "fair". Reports are coming in of users who have been struck with this awful type of malware, although it doesn't seem clear at this point exactly how the infection takes place. It's also not clear if this is some sort of automated attack -- one that simply scans the internet at large and infects where it can -- or if the attacks are focused. Either... Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits... Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back... Read more...
Nothing beats wireless for convenience, but whenever you transmit important data through the air, there's a risk that someone could be nearby, ready to intercept the signals before they reach their destination. If this sounds familiar, it might be because we talked about this very thing earlier this year, when security firm Bastille ousted 'MouseJack', an overly-marketed vulnerability affecting wireless peripherals from major vendors, including Microsoft and Logitech. Well, Bastille is back, this time with 'KeySniffer', another vulnerability (or set of vulnerabilities) that has apparently also... Read more...
With Nintendo's latest game - a mobile one, at that - the company has proven that there is still a lot of innovating to do in the market. While Pokemon GO is based on another title, Ingress, any game is going to have a greater chance of success when it features one of the most popular franchises ever. GO isn't just some regular Pokemon game: it's making the masses realize that augmented reality can be really cool. What's not cool, though, is that popular mobile apps are a hot target for malware. And since Pokemon GO hasn't been released worldwide yet, many have taken to the scarier parts of the... Read more...
It's beginning to look like some rather sophisticated hackers have made their way into Apple's core and crippled iCloud security so severely that some iPhones have essentially been held hostage. A few iPhones here and there might not seem like a big deal, but ultimately, there could be a staggering 40 million iCloud accounts (approximately) at risk here. According to CSO Online, some iPhone users, dating back to February this year, have found their devices compromised, held hostage by Russian hackers. The attack is almost too simple. An iCloud account is broken into (with the help of leaked credentials),... Read more...
We wrote earlier about the kind of success Google has been seeing with its Android bug bounty program -- success that has led the company to actually increase its rewards. Over the years, we've seen other major companies offer bug bounties as well, such as Facebook and Microsoft, so it's clear that they can provide some real value. Could that value be important enough for the US government to get in on the action? It appears that "yes", it certainly can. In a new report from the Pentagon, the groundwork is laid for future programs that target much more than some front-facing websites, which is... Read more...
If you've shopped at Acer's US website at any point between May 12, 2015 and April 28, 2016, you have immediate reason for concern. Acer has just revealed to the California Attorney General's office that its ecommerce servers were hit last spring, and remained vulnerable up until this spring. Unfortunately, this isn't a mere case of someone gaining access to names and addresses - it gets much worse. Acer admits that credit card information could have been fetched by these third parties, which includes not only the credit card number, but also the CCV security code and expiry date. It's not clear... Read more...
It has been suggested that the microprocessors we use each and every day could pack in a bit more than we bargained for; namely, the tools needed for spying or undetectable access. And unfortunately, according to security researcher and developer Damien Zammit, there's a potential reason to be concerned over the "ME" or Management Engine module found in all Intel chipsets manufactured after the Core 2 era. If you've built your own Intel-based PC in recent years, or have at least reinstalled the OS and needed to install all of the drivers on your own, you've probably noticed a piece of software... Read more...
1 2 3 4 Next