tag
Vulnerability

Belkin’s ‘Smart Home’ system has security flaws which could ‘black out’ homes – or start fires

Belkin’s WeMo home automation systems contain multiple vulnerabilities which could allow attackers to remotely control devices attached to a WeMo system – for instance, blacking out lighting in a home, or even starting fires, researchers have claimed.

Critical IE and other flaws discovered. Patch your systems now, says Microsoft

If your system administrator looks a little frazzled this week, be nice to him or her and don’t grumble too much about the photocopier being jammed. It may be that they have more serious issues on their mind.

Discreet messaging site Snapchat leaks 4.6 million phone numbers, names – after ‘ignoring warnings’

Hackers have published what they claim is a database of 4.6 million Snapchat users, with phone numbers matched to usernames, which is searchable online now. The hack could be a huge blow to the ‘discreet’ photo-message service.

Could new malware steal data from INSIDE your SD card? Researchers claim even solid-state PC drives could be at risk

Two researchers have demonstrated an attack that could alter and steal data direct from MicroSD cards, using tiny microcontrollers on the cards themselves. The attack could be used to copy or steal data – and even modify sensitive data such as encryption keys.

Grim warning for bounty hunters – Yahoo pays out paltry $12.50 per vulnerability

Finding vulnerabilities can be a profitable business – even if you work for the right side of the law. Last month, Facebook paid out $12,500 to a researcher for finding a bug – this month, Yahoo! paid out … $12.50.

“Bug bounties” are cheap way to keep companies secure, Berkeley study finds

“Bug bounties” paid out for finding and reporting bugs and vulnerabilities are a cheap and effective way for companies to bolster their security, an independent study by UC Berkeley researchers has found.

U.S. and China plan to “work together” on cybersecurity

China and the U.S. have agreed to work together on cyber security, with the two countries setting up a working group to deal with the issue, U.S. Secretary of State John Kerry said on Saturday in Beijing.

Call for new cyber laws after major U.S. banks knocked offline for 249 hours in six weeks

Representative Mike Rogers, Chairman of the Permanent Select Committee on Intelligence, said that Congress needs to act quickly, in an interview with NBC this week. The websites of major U.S. banks have been offline for 249 hours in the past six weeks, due to a series of sustained cyber attacks by an unknown foreign group.

Adobe and Microsoft release critical patches for March

Adobe and Microsoft have both released patches this week to address vulnerabilities in respective software applications and advise all users to apply the patches as soon as possible, if applicable to them.

The Dynamic Duo for Securing your Android: Common Sense and Security Software

On Thursday, September 12, Duo Security, a young-but-respected vendor of two-factor authentication devices, announced the preliminary results of a two-month-old study they performed of over 20,000 Android devices. Based on the results, they calculated that over half of Android devices on the market have security vulnerabilities that are, as yet,

Instagram vulnerability can allow strangers access to your photos and more

Are you one of the 50 million users of Instagram, the photo-sharing service bought by Facebook in April for $1 billion? If so, you need to look out for an Instagram update to fix a vulnerability that has just been published by Spanish security researcher Sebastián Guerrero. This vulnerability, which Guerrero has dubbed the "Friendship

Vulnerable WordPress Leads to Security Blog Infection

Even visiting security-oriented websites can sometimes be risky. If you’ve visited the security blog zerosecurity.org this month and you’re also a user of ESET’s security products, you might have encountered an anti-virus alert such as this one: The detection names may vary. Different variants of the following “generic families” were detected on the compromised websites on

Much Ado About Facebook, Part II

Since yesterday’s Much Ado About Facebook post in the ESET Threat Blog, we have written additional articles, received a few comments, and also received updated information on the “threat,” so it seems that now is a good time for a follow-up article.  Reports continue to come in of pornographic and violent imagery on Facebook, and

Where there’s smoke, there’s FireWire

Forensic software developer PassWare announced a new version of its eponymous software forensics kit on Tuesday. Already several news sources are writing about how the program can automatically obtain the login password from a locked or sleeping Mac simply by plugging in a USB flash drive containing their software and connecting it to another computer

Spearphishing APT-itude Test

My latest blog for SC Magazine's Cybercrime Corner looked at the recent APT (Advanced Persistent Threat) attack on RSA, in the light of Uri Rivner's blog on the implementation of the attack.  Unfortunately, the exact nature of the target and damage remains somewhat obscure, so while I certainly consider Rivner's blog worth reading, I also found myself

Stuxnet Resources Update

Added to the resources blog at http://blog.eset.com/2011/01/03/stuxnet-information-and-resources: a report of a Stuxnet-unrelated vulnerability in SCADA software; a speculative cyberwar link; and some links on Iranian post-Stuxnet "cybermilitia" recruitment: http://www.itworld.com/security/133469/iran-responds-stuxnet-expanding-cyberwar-militia and http://blogs.forbes.com/jeffreycarr/2011/01/12/irans-paramilitary-militia-is-recruiting-hackers/?boxes=financechannelforbes

David Harley CITP FBCS CISSP

Your Fantasy, A Criminal’s Dream

Fantasy sporting leagues have become very popular. A good friend of mine is into fantasy car racing teams. Other friends are into fantasy soccer (football elsewhere in the world). In the US a lot of people are into the fantasy NFL (National Football League – not soccer). Recently a researcher, Gary Rios, joined an ESPN sponsored

MouseOver, Game Over

In some computer programming languages there is an event called “mouseover”. This command is used to determine what happens when a user puts the mouse over a specific object. When you put the mouse over a hyperlink and see where that link will take you, that is a “mouseover” command at work. When you place

Run! It’s the Fuzz!

Unfortunately, I'm not able to attend the CanSecWest 2010 conference in Vancouver this week, though I think Pierre-Marc will be there. I would have been more than a little interested in Charlie Miller's presentation on fuzzing Mac applications: that is, “…a method for discovering faults in software by providing unexpected input and monitoring for exceptions.” 

Operation Cyber ShockWave

While serving in the Marine Corps, one activity that I felt was effective in preparing both myself and my unit to be able to handle real-world scenarios, was getting as much experience as possible from military training exercises. In most cases multiple branches worked together or, as in the case with NATO exercises, multiple countries

Copyright © 2015 ESET, All Rights Reserved.