Top

Tag: vulnerabilities


Cloud security, Vulnerabilities

Hack Allows Escape of Play-with-Docker Containers

January 15, 2019

Via: Threat Post

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the […]


Malware, Mobile security, Vulnerabilities

Yet Another Bypass: Is 2FA Broken? Authentication Experts Weigh In

January 14, 2019

Via: Threat Post

A penetration testing tool published by Polish security researcher Piotr Duszyński can bypass login protections for accounts protected by two-factor authentication (2FA). In his write-up on the tool, (which is dubbed Modlishka, meaning “mantis” in English), he asked, “is 2FA […]


Network security, Vulnerabilities

Biometrics in 2019: Increased Security or New Attack Vector?

January 10, 2019

Via: Threat Post

Should we pump the brakes on the rollout of biometric security to first consider whether we are creating new vulnerabilities? This year thousands of consumers unwrapped new smartphones and laptops which come with biometric sensors that are intended to protect […]


Vulnerabilities

Web Vulnerabilities Up, IoT Flaws Down

January 10, 2019

Via: Dark Reading

The total number of vulnerabilities in Web applications reported by researchers jumped to 17,142 in 2018, climbing more than 21% compared to the previous year and driven in part by the large number of flaws found in Web applications and […]


Vulnerabilities

Rise of DevOps exposes organizations to risk via container vulnerabilities

January 8, 2019

Via: Help Net Security

60 percent of respondents to a Tripwire and Dimensional Research study reported their organizations have experienced container security incidents in the past year. Yet, of the 269 respondents who currently have containers in production, 47 percent said they deployed containers […]


Network security, Vulnerabilities

How Intel Has Responded to Spectre and Meltdown

January 7, 2019

Via: Dark Reading

In January of 2018, the world was introduced to two game-changing CPU vulnerabilities, Spectre and Meltdown, that brought “speculative execution side-channel vulnerability” into the enterprise IT security lexicon. Since then, a number of variants of the initial vulnerabilities have been […]


Vulnerabilities

A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

January 4, 2019

Via: Threat Post

All of the vulnerabilities arise from improper input validations. A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup […]


Vulnerabilities

Hijacking Online Accounts Via Hacked Voicemail Systems

December 31, 2018

Via: Threat Post

Voicemail systems are vulnerable to compromise via brute-force attacks against the four-digit personal identification numbers (PINs) that protect them. Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like WhatsApp, […]


Vulnerabilities

WordPress Patches Privilege Escalation Vulnerabilities

December 18, 2018

Via: Security Week

Privilege escalation vulnerabilities in WordPress allow attackers to access features that were intended for administrators only, RIPS Tech security researchers say. An attacker with a user role as low as contributor on WordPress – the free and open-source content management […]


Mobile security, Vulnerabilities

Google Patches 11 Critical RCE Android Vulnerabilities

December 5, 2018

Via: Threat Post

Google’s December Android Security Bulletin tackles 53 unique flaws. Remote code-execution (RCE) vulnerabilities dominated Google’s December Android Security Bulletin. The flaws are part of a total of 53 unique bugs patched by the Android security team, with a total number […]