Archives for August, 2017
GitLab, the popular web-based Git repository manager, recently fixed a vulnerability that could have opened its users up to session hijacking attacks.
Trivially exploitable vulnerabilities in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service have been discovered.
Abbott Laboratories releases software fixes for pacemaker vulnerabilities that could allow an attacker to wirelessly access the devices and steal personal data, drain the battery and disrupt normal life-sustaining operations.
Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.
A previously undocumented kill switch for a remote management feature baked into many Intel chips can be switched off.
The Turla APT's WhiteBear toolset was used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and South America during most of 2016.
For a second time this month, a Locky ransomware variant called IKARUSdilapidated is part of a calculated phishing attack targeting office workers with fake scanned image attachments.
Siemens fixed a session hijacking vulnerability in its LOGO! logic module Wednesday but says a second issue, one that could help facilitate a man-in-the-middle attack, has no fix currently.
Researchers accessed the Onliner spambot and found 711 million records, including email addresses, email and password combinations, and SMTP credentials and configuration files.
This month Google began sending notices to site owners who haven't yet migrated from HTTP to HTTPS, warning them that in October their sites will be marked "NOT SECURE."