Magento Marketplace users were informed this week that a vulnerability allowed an unauthorized third party to gain access to some account information. The breach was discovered on November 21 and the service was temporarily shut down to address the security issue.
Proof of concept exploit code was published online this month for two Apache Solr vulnerabilities, signaling that attacks are probably on their way as hackers will find ways to weaponize the two exploits inside their botnets.
Of the two bugs, one received a patch over the summer, while the second has yet to be addressed by the Solr team.
Despite concerns over software security, many companies have not assigned a cybersecurity leader to help secure their applications — a problem that will only worsen as demand for technical security experts deepens worldwide.
A new program in the App Store is promising to help users detect if outsiders are lurking on their device.
Mobile apps that work with Bluetooth devices have an inherent design flaw that makes them vulnerable to hacking, new research has found.
The problem lies in the way Bluetooth Low Energy devices—a type of Bluetooth used by most modern gadgets—communicate with the mobile apps that control them, said Zhiqiang Lin, associate professor of computer science and engineering at The Ohio State University. Lin presented the findings this week at the Association for Computing Machinery's Conference on Computer and Communications Security (ACM CCS 2019).
Travelers are advised to avoid using public USB power charging stations in airports, hotels, and other locations because they may contain dangerous malware, the Los Angeles District Attorney said in a security alert published last week.
USB connections were designed to work as both data and power transfer mediums, with no strict barrier between the two. As smartphones became more popular in the past decade, security researchers figured out they could abuse USB connections that a user might think was only transferring electrical power to hide and deliver secret data payloads.
CISOs in the vast majority of UK organisations are not confident in their security posture, but that hasn't stopped those organisations from using security as a selling point. Consequently, CISOs are being put in a completely compromising position.
This is according to a new report by Nominet, based on a poll of 300 senior security pros in the UK and the US, which found many CISOs weren't confident in an organisation’s final choice of security solutions.
Intel addressed 77 vulnerabilities during the November 2019 Patch Tuesday, with more than two dozen of them being high severity and critical security flaws impacting Windows and Linux.
The issues were detailed in the 18 security advisories published by Intel on its Product Security Center, with the company having delivered them to users through the Intel Platform Update (IPU) process.
All Intel CPUs based upon Haswell up to the latest Cascade Lake CPUs have been discovered to be vulnerable to a new variant of Zombieload attacks, now known as Zombieload V2 as detailed in this whitepaper.
In the spring of last year, cybersecurity researcher Takeshi Suguwara walked into the lab of Kevin Fu, a professor he was visiting at the University of Michigan. He wanted to show off a strange trick he'd discovered. Suguwara pointed a high-powered laser at the microphone of his iPad—all inside of a black metal box, to avoid burning or blinding anyone—and had Fu put on a pair of earbuds to listen to the sound the iPad's mic picked up.
