Microsoft patches critical vulnerability comparable to WannaCry

Microsoft released fixes Tuesday for a “wormable” remote code execution flaw reminiscent of the vulnerability that allowed WannaCry ransomware to propagate to computers around the globe in 2017. The Remote Desktop Services vulnerability, which Microsoft has rated as critical, could allow hackers to install programs, and view, change, or delete data. It requires no user interaction to work, meaning users don’t have to click on anything, such as a link, document, or message box, and attackers don’t need to run social engineering projects to dupe users. Microsoft took the unusual step of launching security updates for all users, including unsupported operating systems like XP and Windows 2003, due to the risk that the flaw can lead to self-propagating attacks. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the […]

The post Microsoft patches critical vulnerability comparable to WannaCry appeared first on CyberScoop.


WhatsApp, Linux Kernel, & Marcin Szary – Hack Naked News #218

This week, hacking the unhackable eyeDisk USB stick, how to brick all Samsung mobile phones, how Twitter shared user location data through advertising, a 0-Day flaw used to install spyware on phones, and a Linux kernel flaw allows remote code execu…

Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover

Cisco has patched a critical flaw in its virtualized function automation tool, Cisco Elastic Services Controller.

Apache, TicToCTrack, & Cyber Warfare – Hack Naked News #214

This week, Apache Tomcat patches an important remote code execution flaw, new variants of the Mirai botnet are detected targeting more IoT devices, hackers used credentials of a Microsoft support worker to access users’ webmail, TicTocTrack Smartwatch …

Twitter bug exposed private tweets of Android users to public for years

By Carolina
A security bug in Twitter exposed private tweets of users to the public. The flaw only affected Android users of the Twitter app while iPhone users were not affected. According to Twitter, private tweets of users from November 3, 2014, to J…

New flaw prompts Google to shut down Google+ for consumers within 90 days

Google will shut down the consumer version of Google+ months sooner than planned after discovering a security flaw that impacted the privacy of some 52.5 million users, the company announced Monday. Google said in October that it would shut down the social media platform in August 2019, while also disclosing a bug that exposed non-public profile information. Monday’s announcement brings the farewell date for Google+’s consumer platform up to March 2019. The company said that an update to the platform last month inadvertently included a bug that affected a Google+ application programming interface (API). The bug existed for six days, Google said, and there’s no indication it was exploited before the company discovered it during standard testing procedures. In comparison, Google said it discovered the last Google+ API bug in March and disclosed it in October. The API is called “People: get” and it allows for developers using Google+ to request basic information associated with a user profile, like name, […]

The post New flaw prompts Google to shut down Google+ for consumers within 90 days appeared first on Cyberscoop.
