vulnerability – Page 34 – PossibleThreat Articles

REvil ransomware exploiting VPN flaws made public last April

January 8, 2020 0 Comments bad packets report, malware, pulse secure, Ransomware, revil, security threats, Sodinokibi, vpn, vulnerability

Credit to Author: John E Dunn| Date: Wed, 08 Jan 2020 12:39:53 +0000

Researchers report flaws, vendors issue patches, organisations apply them – and everyone lives happily ever after. Right? Wrong!<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/FOp5i99FBQk” height=”1″ width=”1″ alt=””/>

Security Sophos

Serious Security: The decade-ending “Y2K bug” that wasn’t

December 23, 2019 0 Comments Bug, code review, java, serious security, testing, vulnerability, y2k

Credit to Author: Paul Ducklin| Date: Mon, 23 Dec 2019 17:43:20 +0000

We explain why you really need to RTFM. Even if TFM is very long and complicated and you are very experienced.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/hCkMBFmx46A” height=”1″ width=”1″ alt=””/>

Security Sophos

Researchers discover weakness in IoT digital certificates

December 17, 2019 0 Comments digital certificate management, digital certificates, encrypted keys, encryption, Internet of Things, IoT, keyfactor, keys, private keys, public keys, security threats, vulnerability

Credit to Author: Danny Bradbury| Date: Tue, 17 Dec 2019 12:10:45 +0000

IoT devices are using weak digital certificates that could expose them to attack, according to a study released over the weekend.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/zJlF9M3_vf4″ height=”1″ width=”1″ alt=””/>

Security Sophos

Plundervolt – stealing secrets by starving your computer of voltage

December 16, 2019 0 Comments bwain, cve-2019-11157, plundervolt, side-channel, vulnerability

Credit to Author: Paul Ducklin| Date: Mon, 16 Dec 2019 11:16:59 +0000

Turns out that if you drop your CPU voltage just enough, it makes mistakes that could let you sneak in where you shouldn’t.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/_fEjGFVk1pA” height=”1″ width=”1″ alt=””/>

Security Sophos

Npm patches two serious bugs

December 16, 2019 0 Comments cve-2019-16775, cve-2019-16776, cve-2019-16777, java, JavaScript, javascript packages, npm, Patch, Patches, security threats, vulnerability

Credit to Author: Danny Bradbury| Date: Mon, 16 Dec 2019 10:57:26 +0000

JavaScript package users have been warned to update due to a bug that could enable an attacker to infect them with malicious applications.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/Yb7pRyvF7Uo” height=”1″ width=”1″ alt=””/>

Security Sophos

December Patch Tuesday blunts WizardOpium attack chain

December 12, 2019 0 Comments Adobe, chrome, Intel, intel sgx, lazarus group, Microsoft, Patch Tuesday, Patching, plundervolt, RDP, security threats, vulnerability, Windows, windows xp, zero day, zero-day vulnerability

Credit to Author: John E Dunn| Date: Thu, 12 Dec 2019 10:42:32 +0000

December 2019’s Patch Tuesday updates are, including a fix for the Windows flaw used in recently discovered WizardOpium attacks.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/PoQEqUB0h3I” height=”1″ width=”1″ alt=””/>

Security Sophos

FTC warns Christmas buyers that smart toys are a security risk

December 11, 2019 0 Comments children's privacy, Coppa, FTC, kids, Privacy, security threats, smart toys, vulnerability

Credit to Author: John E Dunn| Date: Wed, 11 Dec 2019 11:11:22 +0000

Thinking of giving a young person an internet-connected ‘smart’ toy this Christmas? You may want to think again.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/t82KjRHVgzo” height=”1″ width=”1″ alt=””/>

Security Sophos

Serious Security: Understanding how computers count

December 9, 2019 0 Comments buffer overflow, Bug, overflow, serious security, vulnerability

Credit to Author: Paul Ducklin| Date: Mon, 09 Dec 2019 21:07:45 +0000

The hard disks that fail abruptly at 32,768 hours of use – why simply ‘adding 1’ can send you into oblivion.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/QXKiLEwjhLM” height=”1″ width=”1″ alt=””/>

Security Sophos

Networking attack gives hijackers VPN access

December 9, 2019 0 Comments CVE, cve-2019-14899, Linux, MacOS, Operating Systems, OS X, security threats, university of new mexico, virtual private network, vpn, vpn hack, vulnerability

Credit to Author: Danny Bradbury| Date: Mon, 09 Dec 2019 12:31:50 +0000

Researchers have discovered a flaw in macOS, Linux, and several other operating systems that could let attackers hijack VPN connections.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/L7I8CdL_Udk” height=”1″ width=”1″ alt=””/>

Security Sophos

HackerOne pays $20,000 bounty after breach of own systems

December 9, 2019 0 Comments bug bounty, bug disclosure, hackerone, haxta4ok00, responsible disclosure, security threats, session cookie, vulnerability

Credit to Author: John E Dunn| Date: Mon, 09 Dec 2019 12:08:39 +0000

In an embarrassing twist, bug bounty platform HackerOne has paid a $20,000 reward to a researcher who reported a security flaw inadvertently caused by one of its staff during… a bug submission.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/iDklXemCQZs” height=”1″ width=”1″ alt=””/>