vulnerabilities – Page 3 – SSL and internet security news

New SSH Vulnerability

November 15, 2023 infossl

academic papers, cryptography, Security technology, signatures, ssh, Uncategorized, vulnerabilities

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that … Read More “New SSH Vulnerability” »

Cisco Can’t Stop Using Hard-Coded Passwords

October 11, 2023 infossl

cisco, passwords, Security technology, Uncategorized, vulnerabilities

There’s a new Cisco vulnerability in its Emergency Responder product: This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow … Read More “Cisco Can’t Stop Using Hard-Coded Passwords” »

Critical Vulnerability in libwebp Library

September 27, 2023 infossl

chrome, Chrome OS, ios, operating systems, Security technology, Uncategorized, vulnerabilities, zero-day

Both Apple and Google have recently reported critical vulnerabilities in their systems—iOS and Chrome, respectively—that are ultimately the result of the same vulnerability in the libwebp library: On Thursday, researchers from security firm Rezillion published evidence that they said made it “highly likely” both indeed stemmed from the same bug, specifically in libwebp, the code … Read More “Critical Vulnerability in libwebp Library” »

Zero-Click Exploit in iPhones

September 13, 2023 infossl

apple, exploits, ios, iphone, Security technology, spyware, Uncategorized, vulnerabilities

Make sure you update your iPhones: Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect … Read More “Zero-Click Exploit in iPhones” »

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

September 5, 2023 infossl

academic papers, Security technology, Uncategorized, vulnerabilities

Interesting research: Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) … Read More “Inconsistencies in the Common Vulnerability Scoring System (CVSS)” »

Spyware Vendor Hacked

September 1, 2023 infossl

activism, brazil, hacking, Security technology, spyware, Uncategorized, vulnerabilities

A Brazilian spyware app vendor was hacked by activists: In an undated note seen by TechCrunch, the unnamed hackers described how they found and exploited several security vulnerabilities that allowed them to compromise WebDetetive’s servers and access its user databases. By exploiting other flaws in the spyware maker’s web dashboard—used by abusers to access the … Read More “Spyware Vendor Hacked” »

Security Risks of New .zip and .mov Domains

May 19, 2023 infossl

cybersecurity, google, phishing, Security technology, Uncategorized, vulnerabilities

Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability. Powered by WPeMatico

Microsoft Secure Boot Bug

May 17, 2023 infossl

microsoft, Security technology, Uncategorized, vulnerabilities, zero-day

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs … Read More “Microsoft Secure Boot Bug” »

SolarWinds Detected Six Months Earlier

May 3, 2023 infossl

breaches, hacking, intrusion detection, Security technology, Uncategorized, vulnerabilities

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it. WIRED can now confirm that the operation was actually discovered by the DOJ six months earlier, in late May 2020—but the scale and … Read More “SolarWinds Detected Six Months Earlier” »

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

April 4, 2023 infossl

cryptocurrency, cybersecurity, hacking, malware, North Korea, Security technology, supply chain, Uncategorized, vulnerabilities

News: Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.” … Read More “North Korea Hacking Cryptocurrency Sites with 3CX Exploit” »