Google is offering to provide owners of Bluetooth Titan Security Keys with free replacements because the products are affected by a serious security vulnerability. The company has discovered that a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” could enable threat actors to take over user accounts under certain

Once again, security researchers have discovered critical vulnerabilities in CPU chips that allow attackers to use a technique called speculative execution in order to get CPUs to leak sensitive information. The January 2018 disclosure of a previous set of such flaws, called Meltdown and Spectre, sent shock waves through the

As part of this month’s patch Tuesday, Microsoft released a critical patch for CVE-2019-0708, a “wormable” vulnerability affecting Windows 7, Windows Server 2008 R2, and Windows Server 2008 and various older operating systems. Due to the extraordinary severity of the flaw, Microsoft also released versions of the patch for otherwise

New research by Sitelock indicates that attempts to attack websites are on the rise. In 2018, the average website faced 62 attack threats on a daily basis. The most common attacks involved the use of backdoors, shells, and JavaScript files (cross-site scripting or XSS). XSS attacks target visitors, since they

A new report by Synopsys indicates that open source security vulnerabilities are on the rise, putting companies that increasingly make use of such solutions at risk. In 2018, 7,000 open source vulnerabilities were identified, bringing the total of flaws found in the past twenty years to over 50,000. The research

Vodafone has admitted to Bloomberg that it discovered backdoors in software for Huawei products used by the carrier to provide various services to customers in Italy. The backdoors were discovered between 2009 and 2011 and remained in place for years. As a result, Huawei could have obtained unauthorized access to

US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)

Default passwords are a security hazard in general, and when they affect applications used by firms to keep track of vehicles and perform remote actions like starting or shutting off engines, they can even put people’s lives at risk. A hacker using the moniker L&M claims that this applies to

The number of new security vulnerabilities affecting Microsoft products increased last year compared to 2017, and has more than doubled since 2013, a new BeyondTrust report shows. While the number of critical vulnerabilities declined based on the number for 2017, critical flaws have generally increased by 30% over the last

Threat actors are stepping up their efforts to weaponize vulnerabilities affecting Adobe products, new data by RiskSense shows. In 2018, a record-breaking 177 flaws were weaponized, which is 139% higher than in 2017. The study also found that last year almost three times more vulnerabilities were exploited in the wild before