Category: Vulnerabilities


Vulnerabilities

A flaw in MySQL could allow rogue servers to steal files from clients

January 22, 2019

Via: Security Affairs

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host […]


Vulnerabilities

Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

January 21, 2019

Via: Security Affairs

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, […]


Vulnerabilities

Researchers Create PoC Malware for Hacking Smart Buildings

January 16, 2019

Via: Security Week

Smart buildings have become increasingly common. They rely on building automation systems – including sensors, controllers and actuators – to control heating, ventilation, air conditioning, lighting, surveillance, elevators, and access. The automation systems that power smart buildings are similar to […]


Cloud security, Vulnerabilities

Hack Allows Escape of Play-with-Docker Containers

January 15, 2019

Via: Threat Post

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the […]


Malware, Mobile security, Vulnerabilities

Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In

January 14, 2019

Via: Threat Post

A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). In his write-up on the tool (which is dubbed Modlishka, meaning “mantis” in English), he asked, “is 2FA […]


Network security, Vulnerabilities

Biometrics in 2019: Increased Security or New Attack Vector?

January 10, 2019

Via: Threat Post

Should we pump the brakes on the rollout of biometric security to first consider whether we are creating new vulnerabilities? This year thousands of consumers unwrapped new smartphones and laptops which come with biometric sensors that are intended to protect […]


Vulnerabilities

Web Vulnerabilities Up, IoT Flaws Down

January 10, 2019

Via: Dark Reading

The total number of vulnerabilities in Web applications reported by researchers jumped to 17,142 in 2018, climbing more than 21% compared to the previous year and driven in part by the large number of flaws found in Web applications and […]


Phishing, Vulnerabilities

Shipping Firms Speared with Targeted ‘Whaling’ Attacks

January 9, 2019

Via: Threat Post

Bad actors are imitating high-level executives in the shipping industry to launch BEC attacks that could lead to credential theft or worse – system compromise. Scammers are honing in on the shipping industry, using “whaling,” a.k.a. business email compromise (BEC) […]


Vulnerabilities

Adobe Patches ‘Important’ Flaws in Connect, Digital Editions

January 8, 2019

Via: Security Week

Adobe’s Patch Tuesday security updates for January 2019 address only two “important” vulnerabilities in the company’s Connect and Digital Editions products. The latest version of the Adobe Connect web conferencing software patches CVE-2018-19718, a session token exposure issue that can […]


Vulnerabilities

Rise of DevOps exposes organizations to risk via container vulnerabilities

January 8, 2019

Via: Help Net Security

60 percent of respondents to a Tripwire and Dimensional Research study reported their organizations have experienced container security incidents in the past year. Yet, of the 269 respondents who currently have containers in production, 47 percent said they deployed containers […]