Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security vulnerabilities. Chrome version 131 is now available in stable channels for Windows, Mac, Linux, and Android...
Are you a Ring doorbell owner? Have you heard about the security bug that researchers discovered in Ring doorbells that sent Wi-Fi passwords over the network in plain HTTP rather than being encrypted? Learn more:
Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Learn more in an interesting Schneier on Security blog post:
Google has discovered a Libarchive vulnerability which can lead to code execution on Linux, FreeBSD and NetBSD. Learn more about the security bug and its implications for Linux users in an informative ZDNet article:
IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities, though this does increase the complexity of the kernel code and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article:
Are you a Google Chrome user? If so, you should update your browser now, as two new high severity Chrome zero-day bugs are being actively exploited by attackers. Learn more about the vulnerabilities and how to protect your system:
The same Intel CPU speculative execution problems which led to Meltdown and Spectre security issues are still alive and well, and Greg Kroah-Hartman, the stable Linux kernel maintainer, says we're going to see Intel chip security problems for years to come. Learn more about this issue:
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. Learn more:
A Linux Sudo bug which allows users to run some restricted commands as root without permission has been discovered. Learn more about this security vulnerability in an informative Techworm article:
Are you a Joomla user? Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites. Learn more in a great ZDNet article:
Remember the critical remote code execution (RCE) vulnerability in the Exim email server, CVE-2019-15846, from mid-September? Barely two weeks later, the software’s maintainers have issued an advisory for another potentially troublesome bug, identified as CVE-2019-16928, which has been given the same critical rating. Learn more in a great NakedSecurity article:
Are you an Exim user? A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Learn more about the vulnerability in a great The Hacker News article:
The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security. Learn more in an interesting Wired article:
Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages. Learn more:
Are you a phpMyAdmin user? A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. Learn more:
Are you a Chromebook user? Google has discovered a serious flaw in a Chromebook security feature which allows owners to press their device’s power button to initiate U2F two-factor authentication (2FA). Learn more:
Are you a Chromebook user? If so, make sure you have updated to Chrome OS 75 or later to receive a fix for a vulnerability in a "built-in security key" feature. Learn more: