A week after disclosing a cross-site request forgery vulnerability in small wind turbines manufactured by a company called XZERES, a security researcher has discovered a serious bug in the human-machine interface for turbines made by German company RLE International GmbH. Researcher Maxim Rupp discovered the vulnerability in the Nova-Wind Turbine HMI and reported it to the vendor.[…]
Browsing Tag: vulnerabilities
Google today launched the Android Security Rewards program, a bug bounty for Android Nexus 6 and Nexus 9 devices.
The Yoast WordPress SEO plugin, which has been downloaded more than 14 million times, has a serious cross-site scripting vulnerability that can allow an attacker to force a vulnerable site to execute arbitrary HTML code. The bug may have been reported to the plugin’s developer as long as two years ago, but it was still[…]
A RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.
Cisco patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software.
Mozilla announced that it has increased rewards for vulnerabilities submitted to its bug bounty program, and that for the first time it will pay for some bugs whose severity is rated moderate.
Toshiba has eliminated a hard-coded cryptographic key in its CHEC software, but is dealing with an information-disclosure bug in its 4690 operating system.
UPDATE–Wind turbines have been popping up across the United States in great numbers of late, and many of them are connected to the Internet. That, of course, means that these turbines are going to be natural targets for attackers and researchers. A security researcher named Maxim Rupp has discovered a cross-sire request forgery vulnerability in the operating[…]
Researchers have identified dozens of vulnerabilities in several D-Link products, some of which allow attackers to bypass authentication requirements or upload arbitrary files to target devices. The vulnerabilities lie in a variety of D-Link network storage devices and the company has produced updated firmware to address some of the problems. Researchers at Search-Lab discovered the[…]