The Office of Personnel Management announced yesterday that it is temporarily suspending the system it uses to conduct government background checks.
Browsing Tag: vulnerabilities
Apple has released new versions of iOS and OS X, both of which include a significant number of security patches, several for bugs that can lead to remote code execution and other serious issues. Version 8.4 of iOS contains fixes for more than 30 security vulnerabilities, including bugs in the iOS kernel, WebKit, and CoreText.[…]
Many smartphones manufactured by LG contain a vulnerability that can allow an attacker to replace an APK file with a malicious file of his choice. The problem is the result of several conditions on LG phones. Like other manufacturers, LG includes custom apps on its handsets, which are not available through the normal Google Play[…]
Exploits for the recently patched Adobe Flash Player zero-day have appeared in the Magnitude Exploit Kit and are leading to Cryptowall ransomware infections.
Dennis Fisher and Mike Mimoso talk about the Cisco default SSH keys, more details of the OPM data breach, the Adobe 0-day and why we never hear about bad APT groups, only the really good ones.
When Cisco released a patch for several of its security appliances Thursday that eliminated the presence of hard-coded SSH host and private keys, the advisory had a distinct air of familiarity about it. That’s because the company released a patch for the same problem in one of its other major products almost exactly one year ago.
Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses.
Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim’s stored passwords.
There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices. VxWorks is an embedded operating system that’s used in a large number of ICS products that are deployed in sectors such as energy, water,[…]
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer.