Security News

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server.

Cisco patched nine publicly disclosed remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software.

Mike Mimoso and Chris Brook discuss the news of the week, including the Verizon breach, the Oracle session hijacking attack, a Telegram-based hacking tool, and a free EternalBlue scanner.

Data collected from the freely available scanner called EternalBlues shows that tens of thousands of computers remain vulnerable to the SMBv1 vulnerability that spawned WannaCry and ExPetr.

Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.

Google has a new machine-learning algorithm it uses to compare new apps to known secure apps, improving the way it classifies submissions to Google Play.

An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data.

Data belonging to 14 million Verizon customers was exposed by a partner, which misconfigured a repository storing the personal information it had access to.

Botnets distributing FlokiBot point-of-sale malware are back in business spewing a new malware dubbed LockPoS.

Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies.