A critical vulnerability in a popular hotel and convention center Internet gateway from AntLabs called InnGate has been patched. The flaw allows attackers read and write access to the devices from the Internet.
Students from M.I.T. have devised a new way to scour raw code for integer overflows.
Cisco released its semiannual set of patches for its Cisco IOS router and switch operating system. The patches address 16 vulnerabilities.
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code.
A default setting in both Windows 7 and 8.1 could allow local users to elevate privileges and in some situations, escape application sandboxes.
Researchers claim that when thermal energy from one computer is detected by an adjacent computer it can facilitate the spread of keys and malware.
A security researcher says there is a bug in the Instagram API that could enable an attacker to post a message with a link to a page he controls that hosts a malicious file, but when the user downloads the file it will appear to come from a legitimate Instagram domain, leading the victim to trust […]
A cross-site request forgery (CSRF) vulnerability in the website of hotel chain Hilton Worldwide could have inadvertently compromised much of its users personal information.
A Flash vulnerability that Adobe patched four years ago actually remains exploitable according to a presentation given by a pair of researchers at the TROOPERS security conference.
Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones. Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is […]
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
