News tagged: Vulnerabilities
Even Google's bug tracker tool isn't free from vulnerabilities. Security researcher Alex Birsan found a flaw in the company's Issue Tracker, which is used to list all of the bugs and feature requests in Google's products that still need to be addressed.
A secret Microsoft database filled with information about software vulnerabilities was hacked in 2013, but the company didn't disclose the breach. Reuters says the vulnerabilities ended up being exploited, but a review concluded the exploits didn't come from the breach.
Apple products are often associated with a low risk of security problems compared to their competitors, but they're definitely not free of issues. Case in point: Safari. A report from Google's Project Zero found Apple's web browser has more security vulnerabilities than others.
There are significant vulnerabilities present in Germany's voting system, warns Chaos Computer Club (CCC). In the lead-up to Germany's federal election, CCC has stated there are security holes that could allow malicious groups to change vote totals, among other things.
Due to cybersecurity concerns, guidance from the US Army has instructed all units to halt their use of drones from DJI, a Chinese company. This order was issued because of "an increased awareness of cyber vulnerabilities" in the products. The memo was dated August 2.
Vulnerabilities that could be easily exploited have been found in some medical imaging systems from Siemens. The vulnerabilities could enable hackers to execute code remotely and only a low skill level is required to carry out an attack. Attacks could damage the machines.
Samsung's open-source Tizen operating system is reportedly affected by a large number of vulnerabilities. Motherboard reports Tizen has dozens of zero-days, making users very vulnerable to attacks from hackers. Samsung is working to address the flaws.
Two vulnerabilities in dozens of Netgear router models have been highlighted by Trustwave researchers. If they're exploited, hackers can recover your router's administrative password. The exploit only applies if your router accepts administration from outside the network.
Autofill systems in multiple browsers, including Chrome, Safari, and Opera, may be leaving you vulnerable to a phishing attack. Viljami Kuosmanen, a Finnish web developer, has found those systems fill data in hidden text fields. The browser may provide more data than you realize.
Flight booking and itinerary systems are prime targets for hackers due to their continued use of legacy systems, according to research from SR Labs. A presentation at Chaos Communication Congress from two SR Labs researchers explained how the systems aren't adequately protected.
A vulnerability in Windows that was controversially revealed by Google has been exploited by Russia-linked hackers in a phishing campaign, reports Microsoft. The hacking group, known as Strontium or APT 28, may be operating under orders from the Russian government.
Many of the Bluetooth-enabled smart locks available on the market aren't terribly secure and can be opened when wirelessly attacked. According to researcher Anthony Rose, an engineer who presented at DEF CON, 12 out of the 16 locks he tested were vulnerable.
Apple has put together a bug bounty program for the first time that'll be open to hackers in September. The program was announced at the Black Hat conference and it'll only be available to those invited by the company. Hackers can receive a cash reward.
Discovering a vulnerability in the Chromebook system that lets you hack the product remotely can now net you $100,000. Google has doubled its max award amount in response to a complete lack of successful submissions. The vulnerability must allow for a sustained hack.
The biggest advantage of the Nexus lineup over other Android smartphones and tablets is the fast software updates. Only two days into February, Nexus devices are already receiving this month's security update, which is now rolling out over-the-air (OTA).
The latest company to issue a critical update to fix a major security vulnerability is Cisco, which has warned users of a critical vulnerability in its RV220W wireless network security firewalls. The company has now released firmware updates for some of the affected products.
Drupal, one of the most popular CMSs, was recently accused of having a series of security vulnerabilities and eventually confirmed the issues. Since then, members of the Drupal Security Team have been working on a fix, which should be released soon.
The FBI now says it does exploit unpatched security holes when given the chance, confirming reports that have come out for years. Amy Hess, leader of the Operational Technology Division, told the Washington Post that the FBI does exploit zero-day vulnerabilities.
Despite guarding its App Store against dangerous software more than Google does, Apple might not be keeping out enough bad apps. Checkmarx has released a report that says iOS actually has a higher percentage of critical or severe security vulnerabilities than Android.
The NSA discovers many software bugs as a result of its position in the intelligence community and, according to a press release, 91% are disclosed to developers in the US. However, the NSA hasn't said how long it takes to disclose them or what it does with them in the meantime.