Thousands of embedded devices share cryptographic keys and certificates, exposing millions of connections to man-in-the-middle attacks.
Browsing Category: Vulnerabilities
Lenovo has patched two serious vulnerabilities in Lenovo System Update that can allow hackers to elevate privileges and guess admin passwords.
A vulnerability reported to United Airlines that could have been exploited to manipulate flight reservations and customer data sat unpatched for almost six months before it was fixed.
Two more self-signed root certificates and corresponding private keys were found on Dell computers.
Thousands of cable modems manufactured by the Georgia-based telecom Arris suffer from a series of issues: XSS and CSRF vulnerabilities, hard-coded passwords, and what a researcher is calling a backdoor in a backdoor.
Different models of Dell computers have shipped with a preinstalled root certificate and private key, opening the machines up to man-in-the-middle attacks.
VMware patched a number of its products vulnerable to an XML External Entities vulnerability in the Apache Flex BlazeDS product integrated into VMware.
The German government published the results of its audit of open source disk encryption package TrueCrypt and gave it a relatively clean bill of health.
The Department of Education was told this week that it failed to heed repeated warnings that its systems contain multiple weaknesses.
LinkedIn fixed a persistent cross-site scripting vulnerability in its site this week that could have spread a worm on the service’s help forums.