Nagios 4.2.4 closes serious root privilege escalation bug

If you’re using Nagios to monitor your systems, networks and infrastructure, and you have not updated to version 4.2.4, you better hop to it. This latest release fixes a high severity root privilege escalation vulnerability (CVE-2016-9566) discovered by researcher Dawid Golunski, who published a proof-of-concept exploit for it on Thursday.

Is Bluetooth Security Good Enough for Your Most Sensitive Corporate Communications?

Most users take Bluetooth security for granted. When you’re enjoying the convenience of hands-free phone conversations, streaming podcasts in your car or jogging with your awesome new wireless headphones, do you need to worry about whether the communication channel is secure or not? What’s acceptable for consumers may not meet corporate standards. With a new…

Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw

A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email. Nearly one year ago, Jouko Pynnönen of Finland-based software company Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in the web version of the Yahoo!…

How to Find and Remediate Vulnerabilities in Real Time

Every business, large or small, must be able to remediate vulnerabilities that can threaten to undermine all its hard work and success. The security analysts and IT operators at these organizations have surely heard of household-name vulnerabilities like Heartbleed and Shellshock. But do they have all the knowledge and tools they need to track and…

Researchers Demo Method For Turning A PC Into An Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones. In a paper titled “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit,” the researchers this week described malware they have developed for reconfiguring…

Key causes of network outages and vulnerabilities

A new global study, conducted by Dimensional Research, surveyed 315 network professionals about their experiences with network outages, vulnerabilities and compliance. Among the report’s findings, there is almost universal agreement that human factors lead to network outages, and in many cases these outages are quite frequent.

AtomBombing: The Windows Vulnerability that Cannot be Patched

Researchers have discovered a code-injection vulnerability in the Windows operating system that cannot, because of the nature of the operating system, be patched. It could be used to bypass current malware protection solutions in place. “Unfortunately,” writes enSilo researcher Tal Liberman in a report published Oct. 27, “this issue cannot be patched since it doesn’t rely…

Flash zero-day being exploited in targeted attacks

A newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions for the following operating systems: Windows, Mac, Linux, Chrome OS. According to Adobe, an exploit…

ICS Networks at Risk Due to Flaw in Schneider PLC Simulator

On Tuesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, Indegy CTO Mille Gandelsman disclosed a vulnerability found by the company in Unity Pro, a Windows-based programming, debugging and operating software for Schneider’s programmable logic controllers (PLCs). Unity Pro, typically deployed on engineering workstations, includes a PLC simulator component that allows users to test applications without…