A critical security flaw in popular industrial software put power plants at risk

A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker […]

Car hackers find remotely exploitable vulnerabilities in Volkswagen and Audi vehicles

Security researchers discovered multiple vulnerabilities in Volkswagen and Audi vehicles that open them up to remote hacking. The flaws in the Volkswagen Group’s Harman-manufactured in-vehicle infotainment (IVI) system could allow an attacker to remotely access the microphone, speakers, and navigation system. Put another way, an attacker could turn the microphone on or off, eavesdrop on […]

Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges

The speed at which malicious attackers recently exploited a remote code execution flaw in the Drupal content management system (CMS) should serve as a fresh warning about the need for organizations to test processes for quickly responding to vulnerability disclosures. Drupal administrators last week rushed out an out-of-cycle security release warning about a highly critical vulnerability […]

What Meltdown and Spectre Mean for Mobile Device Security

There’s no question we’re still on high alert from Meltdown and Spectre. The fear and uncertainty have been unsettling for everyone, and it will take a while for things to calm down as patches are released — and recalled — for desktop operating systems. There’s less talk of the situation on the mobile side. From […]

Why good security foundations are better than the best security mitigation

Security for the IoT must start with the most basic security building blocks. It is very challenging to add security to an operating device retrospectively, as it is to mitigate security concerns after-the-fact. Hence, security should be in the DNA of the device. There are just a few key steps which need to be taken in […]

New Drupal RCE vulnerability under active exploitation, patch ASAP!

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affects Drupal versions 7.x and 8.x. Users should upgrade to v7.59 and 8.5.3. Those who, for whatever reason, can’t implement […]

The Default SAP Configuration That Every Enterprise Needs to Fix

A new report out today shows that 90% of SAP systems in the enterprise are exposed to complete system compromise via a 13-year-old configuration vulnerability that few organizations have taken action on. This exposure puts business-critical systems like ERP, HR, finance and supply chain all at risk. Detailed in a report published today by ERP security firm […]

IT must patch against Total Meltdown now: The source code is on GitHub

The source code for Total Meltdown, a vulnerability created when Microsoft tried to patch the initial Meltdown flaw, is now available on GitHub. A person known as XPN, whose blog lists them as a hacker and infosec researcher, posted details of a working exploit that takes advantage of Total Meltdown on Monday. In addition to that blog post, […]

Drupal users take cover—code-execution bug is being actively exploited

Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the open-source program disclosed the vulnerability, it came under active attack, they said. So far, the attackers are using proof-of-concept attack code published online that […]

Hackers built a ‘master key’ for millions of hotel rooms

Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties […]