Items tagged with vulnerabilities
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had known security vulnerabilities in Q1 2021. According to data presented by the Atlas VPN team and collected by the Synopsys Cybersecurity Research Center, 63% of Android apps had known vulnerabilities, with an average of 39 vulnerabilities per app. The worst offenders of this 63% were gaming and financial apps, with the apps in the “top free games” category taking 96%...
Read more...
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name Systems (DNS) implementations, were revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME: WRECK, could impact at least 100 million IoT devices, leading to denial of service (DoS) and remote code execution. Forescout reports that the NAME:WRECK vulnerabilities are bugs within TCP/IP stacks FreeBSD, Nucleus NET, IPnet, and NetX. These stacks are used in millions of different devices, and when paired with the “often external exposure of vulnerable DNS clients,” the attack surface can be quite a large target. The...
Read more...
Internet of Things (IoT) devices have become more prevalent over the last few years, but they are often susceptible to hackers. Researchers recently discovered 125 security vulnerabilities on 13 NAS and routers. It is believed that these vulnerabilities are far-reaching and likely affect many similar devices. Independent Security Evaluators (ISE) researchers started their investigation in 2013. Their first round of research focused on NAS and routers that were intended for home office use. Their second round titled “SOHOpelessly Broken 2.0” assess security vulnerabilities in a wide range of device. They chose 13 devices that “ranged from devices designed for general consumers...
Read more...
If you think that the likes of the NSA needs to rely on zero-day exploits to get their job done, you apparently have things completely wrong. At the USENIX Enigma security conference in San Francisco this week, the NSA's chief of Tailored Access Operations, Rob Joyce said that it's his team's sheer talent makes its attacks successful, not simple flaws waiting to be exploited. While it does seem likely that the NSA makes use of zero-day exploits when the juicier ones are found, Joyce says that it's not as though his team simply has a "skeleton key" that's able to open any door it chooses. Instead, "persistence and focus will get you in." He continued that "There's so many more vectors that are...
Read more...
Conventional wisdom in years past was that hackers didn’t bother to exploit Apple’s OS X operating system because its relatively insignificant market share didn’t warrant wasting resources to exploit it. The reasoning was, why bother with OS X when Windows was pushing over 90 percent of the worldwide OS market? However, in recent years, Apple has seen an uptick in Mac sales and pretty much dominates the field when it comes to notebooks priced over $1,000. The higher sales profile for Macs running OS X also means more attention from nefarious parties that are ready to strike. The latest report from GFI shows that both of Apple’s major operating systems sat atop the leaderboard when it came to...
Read more...
We talked earlier this week about all of the software that lost their battles against the hackers at the Pwn2Own competition in Vancouver, Canada, but lest we forget about the sister competition, Pwnium 3. This particular competition was heavily sponsored by Google, with the company paying well more than $100,000 per exploit discovered against its Chrome browser. Examples would be a system compromise delivered via a webpage while in guest mode or even better - an exploit that results in device persistence (lasting through the reboots). Well, while Chrome fell at Pwn2Own - despite Google patching 6 severe bugs prior to the event - it remained strong at Pwnium 3. Equipped with Samsung Series 5...
Read more...
File this one under “Worst News of the Day”. According to a report from Cenzic, a staggering 99% of all web-based and mobile apps it tested have security vulnerabilities that can be exploited by cybercriminals, and the median number of vulnerabilities per app is thirteen. The included infographic shows the areas of vulnerability that exist, and the report details the type, frequency, and severity of these issues as they pertain to web- and cloud-based and mobile applications. Cross-scripting is the most common type of vulnerability. For their part, mobile applications are vulnerable to threats from privacy violations, infrastructure, session management, and more. Cenzic CTO Scott...
Read more...
It seems, sometimes, that a new phishing scam crops up every day, no matter how much security is improved.That's not just your imagination.IBM today released its annual IBM X-Force 2009 Trend and Risk Report, which showed threats that include phishing and document format vulnerabilities, among others, are on the rise.The areas are of most concern, the report showed:Malicious Web links, which result in malware or viruses being downloaded onto the clicker's computerPhishing scams, where messages from a seemingly legit organization or company fool users into turning over sensitive informationVulnerabilities in document readers and editors, particularly in PDFsIn 2009, the report showed, more than...
Read more...
