23 May 2019

All iPhones And Some Android Phones Are Vulnerable To A New Device Fingerprinting Attack

Cambridge University researchers have discovered a new kind of “fingerprinting attack” that could enable websites to keep track of individual users as they visit other websites using the same browser. Fingerprinting is a nightmare for people who care about their privacy. It can be used to target people with customized

Read More
23 May 2019

Two More Zero-Day Vulnerabilities Released for Windows

Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult

Read More
22 May 2019

It’s not just WhatsApp, most messaging apps likely have security vulnerabilities

Cybersecurity experts warn that the recent Whatsapp vulnerability that allowed cyberattacker to remotely install malicious software on mobile phones, is unlikely to be the only flaw of that kind affecting messaging applications. In fact, Tom Uren of the International Cyber Policy Centre (ICPC) believes that “pretty much the entire suite

Read More
22 May 2019

New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

A notorious Windows exploit developer known by the moniker SandboxEscaper has released a new exploit that allows users with limited privileges to obtain complete control over files that can otherwise only be altered by admin accounts and system processes. The zero-day flaw affects the Task Scheduler utility and is relatively

Read More
21 May 2019

Fifth of Docker Containers Have No Root Passwords

New research by Kenna Security found that Docker containers are often not protected with root passwords. Containers are standardized software units that allow software to be run in isolation, so that performance is not influenced by the underlying infrastructure. A security researcher found that 194 (19.4%) of the 1000 most

Read More
20 May 2019

Q1 2019 Smashes Record For Most Reported Vulnerabilities in a Quarter

The first quarter of this year broke the record for reported security vulnerabilities, a new report by Risk Based Security shows. A total of 5,501 new flaws were disclosed during this period, most of which were web-based (56.8%). Two additional findings from the report are especially worrisome. The first is

Read More
16 May 2019

Google is replacing Bluetooth Titan Security Keys because of a vulnerability

Google is offering to provide owners of Bluetooth Titan Security Keys with free replacements because the products are affected by a serious security vulnerability. The company has discovered that a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” could enable threat actors to take over user accounts under certain

Read More
15 May 2019

Intel CPUs Impacted By New Class of Spectre-Like Attacks

Once again, security researchers have discovered critical vulnerabilities in CPU chips that allow attackers to use a technique called speculative execution in order to get CPUs to leak sensitive information. The January 2018 disclosure of a previous set of such flaws, called Meltdown and Spectre, sent shock waves through the

Read More
15 May 2019

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

As part of this month’s patch Tuesday, Microsoft released a critical patch for CVE-2019-0708, a “wormable” vulnerability affecting Windows 7, Windows Server 2008 R2, and Windows Server 2008 and various older operating systems. Due to the extraordinary severity of the flaw, Microsoft also released versions of the patch for otherwise

Read More
15 May 2019

Website Attack Attempts Rose by 69% in 2018

New research by Sitelock indicates that attempts to attack websites are on the rise. In 2018, the average website faced 62 attack threats on a daily basis. The most common attacks involved the use of backdoors, shells, and JavaScript files (cross-site scripting or XSS). XSS attacks target visitors, since they

Read More