Google researcher finds zero day in TP-Link routers
Google security engineer Matthew Garrett has revealed a zero day vulnerability in TP-Link's SR20 smart home routers. The company would not have responded when the investigator revealed the vulnerability to them.
The error is an arbitrary code execution (ACE) error in TP-Link SR20 routers. These are ... Read more
Error in Magento makes websites vulnerable to skimmers
E-commerce platform Magento contains a serious vulnerability, which means that 300,000 websites run the risk of being infected with malware from skimmers. The vulnerability has already been closed with a patch, but it still has to be installed by the owners of the websites.
The specific error is PRO... Read more
Hackers hijack ASUS software updates to install back doors
Hackers have taken over a server from computer manufacturer ASUS to install a back on the company's computers already sold to customers, according to researchers from security company Kaspersky Lab. The burglary was discovered last January.
The hackers were able to penetrate the server that ASUS us... Read more
IBM closes critical vulnerabilities in Watson and analytics products
IBM has announced solutions to five vulnerabilities in Java runtime. The bugs make various versions of Watson Explorer and Watson Content Analytics vulnerable to all kinds of attacks, reports ZDNet. The company therefore speaks of critical leaks.
The most serious vulnerability, CVE-2018-2602, was al... Read more
Yelp for conservatives’ 63red Safe leaks user data
A new mobile app described as 'Yelp for Conservatives' is leaking user data and business reviews, according to a French security researcher. The app, 63red Safe, was launched this weekend in the App Store and Play Store.
63red Safe describes itself as a service where users can read "reviews of loca... Read more
Vulnerability in super-micro-hardware can bring backdoor to IBM cloud server
A five year old vulnerability in a widely used administrative tool for servers used for sensitive and mission-critical computing again causes problems. The vulnerability exists thanks to baseboard management controllers (BMCs), and threatens premium cloud services from IBM and possibly other provide... Read more
2.4 million sensitive user data leaked Dow Jones
Dow Jones has leaked 2.4 million user data through an incorrectly configured Amazon Web Services (AWS) server. That's what Silicon Angle reports. Dow Jones is a financial company and the Dow Jones Industrial Average is very important for the American stock market.
The leak was discovered by securit... Read more
Cloudborne vulnerability exposes cloud servers to hackers
A new vulnerability has been found that may enable hackers to capture data that companies store in the cloud. This is a vulnerability called Cloudborne, which affects certain components of the motherboard of servers that are often found in cloud provider data centers.
Researchers from the company Ec... Read more
New 4G and 5G vulnerabilities allow hackers to intercept calls
A group of scientists found three new security problems in 4G and 5G. According to the scientists, this enables hackers to intercept telephone calls and track the location of smartphone users. That's what TechCrunch reports.
This would be the first time that vulnerabilities affect both 4G and the up... Read more
Millions of websites at risk from vulnerability in Drupal
Millions of websites using the Drupal content management system are at risk of being taken over. Drupal contains a vulnerability that allows hackers to remotely execute malicious code. Ars Technica reports that managers of the open source project are warning about this. A patch is available for the ... Read more