Tag Archives: vulnerabilities

Linux has been bitten by its most high-severity vulnerability in years

reader comments 52 with 45 posters participating Share this story Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps. Dirty Pipe,… Read More: Linux has been bitten by its most high-severity vulnerability in… »

Attackers can force Amazon Echos to hack themselves with self-issued commands

Enlarge / A group of Amazon Echo smart speakers, including Echo Studio, Echo, and Echo Dot models. (Photo by Neil Godwin/Future Publishing via Getty Images) T3 Magazine/Getty Images reader comments 19 with 14 posters participating Share this story Academic researchers have devised a new working exploit that commandeers Amazon Echo smart speakers and forces them… Read More: Attackers can force Amazon Echos to hack themselves with self-issued… »

Millions of WordPress sites get forced update to patch critical plugin flaw

Getty Images reader comments 28 with 23 posters participating Share this story Millions of WordPress sites have received a forced update over the past day to fix a critical vulnerability in a plugin called UpdraftPlus. The mandatory patch came at the request of UpdraftPlus developers because of the severity of the vulnerability, which allows untrusted… Read More: Millions of WordPress sites get forced update to patch critical… »

Hacking group is on a tear, hitting US critical infrastructure and SF 49ers

reader comments 30 with 17 posters participating, including story author Share this story A couple of days after the FBI warned that a ransomware group called BlackByte had compromised critical infrastructure in the US, the group hacked servers belonging to the San Francisco 49ers football team and held some of the team’s data for ransom.… Read More: Hacking group is on a tear, hitting US critical infrastructure… »

A bug lurking for 12 years gives attackers root on every major Linux distro

reader comments 41 with 35 posters participating, including story author Share this story Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system. Previously called PolicyKit, Polkit manages system-wide… Read More: A bug lurking for 12 years gives attackers root on… »

If you like the data on your WD My Cloud OS 3 device, patch it now

reader comments 11 with 11 posters participating Share this story Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS. CVE-2021-40438, as one of the… Read More: If you like the data on your WD My Cloud… »

The Log4Shell zeroday 4 days on. What is it and how bad is it really?

reader comments 27 with 24 posters participating Share this story Log4Shell is the name given to a critical zeroday vulnerability that surfaced on Thursday when it was exploited in the wild in remote-code compromises against Minecraft servers. The source of the vulnerability was Log4J, a logging utility used by thousands if not millions of apps,… Read More: The Log4Shell zeroday 4 days on. What is it and… »

The Internet’s biggest players are all affected by critical Log4Shell 0-day

reader comments 67 with 51 posters participating, including story author Share this story The list of services with Internet-facing infrastructure that is vulnerable to a critical zero-day vulnerability in the open source Log4j logging utility is immense and reads like a who’s who of the biggest names on the Internet, including Apple, Amazon, Cloudflare, Steam,… Read More: The Internet’s biggest players are all affected by critical Log4Shell… »

300,000 MikroTik routers are ticking security time bombs, researchers say

Getty Images reader comments 36 with 30 posters participating Share this story As many as 300,000 routers made by Latvia-based MikroTik are vulnerable to remote attacks that can surreptitiously corral the devices into botnets that steal sensitive user data and participate in Internet-crippling DDoS attacks, researchers said. The estimate, made by researchers at security firm… Read More: 300,000 MikroTik routers are ticking security time bombs, researchers say »

Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty

Enlarge / Pseudonymous researcher illusionofchaos joins a growing legion of security researchers frustrated with Apple’s slow response and inconsistent policy adherence when it comes to security flaws. Aurich Lawson | Getty Images reader comments 88 with 56 posters participating, including story author Share this story Yesterday, a security researcher who goes by illusionofchaos dropped public notice… Read More: Three iOS 0-days revealed by researcher frustrated with Apple’s bug… »