vulnerable
-
Blog
Millions of RSA encryption keys could be vulnerable to attack
Millions of RSA encryption keys contain major flaws, making them vulnerable to attack, according to new research. Analysis from Keyfactor found around 1 in 172 of all certificates found online are susceptible to compromise through a mathematical attack, equating to potentially millions of keys. The vulnerability mainly affects Internet of Things (IoT) devices, but is a risk for any system…
-
94% of Wi-Fi networks are vulnerable to deauthentication attacks
Research shows the vast majority of Wi-Fi networks are vulnerable to a popular type of denial-of-service (DoS) attack that is frequently deployed in larger cyber intrusion efforts. A new report from Nozomi Networks that analysed telemetry from hundreds of OT and IoT environments found 94% of Wi-Fi networks lacked the proper protections against deauthentication attacks. Deauthentication attacks are a form…
-
Laravel admin package Voyager vulnerable to one-click RCE flaw
Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the flaws to the Voyager maintainers…
-
Apple M-Series Chips Are Vulnerable to Side-Channel Attacks
Security researchers from Georgia Institute of Technology and Ruhr University Bochum discovered two side-channel vulnerabilities in devices with Apple name-brand chips from 2021 or later that could expose sensitive information to attackers. Specifically, the vulnerabilities known as SLAP and FLOP skim credit card information, locations, and other personal data. Data can be gathered from sites like iCloud Calendar, Google Maps,…
-
NAO warns that UK government doesn’t know how vulnerable its IT systems are
The cyber threat to the UK government is ‘severe and advancing quickly’, the National Audit Office (NAO) has found. It said the government’s new cyber assurance scheme, GovAssure, independently assessed 58 critical departmental IT systems last year and found significant gaps in cyber resilience. Meanwhile, there are at least 228 legacy systems in use – and the government doesn’t know…
-
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. The two security issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution. Risks on Moxa routers Moxa devices…
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin…
-
Researchers claim Fortinet’s FortiJump patch was ‘incomplete’ and left users vulnerable
Fortinet’s patch for FortiJump, a critical missing authentication RCE flaw in FortiManager, left new vulnerabilities on the table for threat actors to exploit, according to new research. A new report from watchTowr Labs described how when trying to recreate the initial FortiJump vulnerability, researchers discovered a series of additional flaws, and one they considered particularly worrying. “[We] stumbled upon a…
-
New SteelFox malware hijacks Windows PCs using vulnerable driver
A new malicious package called ‘SteelFox’ mines for cryptocurrency and steals credit card data by using the “bring your own vulnerable driver” technique to get SYSTEM privileges on Windows machines. The malware bundle dropper is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various software like Foxit PDF Editor, JetBrains and AutoCAD. Using a vulnerable driver…
-
How Are You Vulnerable Online?
Key Takeaways Weak passwords increase vulnerability, especially if reused, which can lead to breaches across multiple accounts. Tracking by tech companies and ISPs endangers your privacy. Improper storage of documents in the cloud can put your data at risk. You’ve been warned over and over that you’re at risk while online, but what are those risks exactly? Let’s go over…