Security

Unpatched versions of the Drupal open source content management system (CMS) are vulnerable to remote exploitation which could lead to remote code execution.

Given enough privileges associated with the user that the Drupal installation runs under, this could allow bad actors to create new accounts with full users rights, as well as view, change, delete data on the compromised target.

Telepresence robots from Vecna Technologies can be hacked using a suite of five vulnerabilities. The flaws can be combined to allow an attacker full control over a robot, giving an intruder the capability to alter firmware, steal chat logs, pictures, or even access live video streams.

Vecna has already patched two of the five vulnerabilities and is in the process of addressing the other three.

Several router models from D-Link are vulnerable to three security bugs that could help an attacker get full control over them.

Taken separately, the vulnerabilities are a path traversal, securing passwords in plain text and shell command execution; but by chaining them together an attacker could run code of their own on the devices.

Facebook has tentatively concluded that spammers masquerading as a digital marketing company were behind the massive security breach revealed last month, and not hackers working for a nation-state, the Wall Street Journal reported late Wednesday.

Apple, Google, Microsoft, and Mozilla have announced a unified plan to deprecate the use of TLS 1.0 and 1.1 early in 2020.

TLS (Transport Layer Security) is used to secure connections on the Web. TLS is essential to the Web, providing the ability to form connections that are confidential, authenticated, and tamper-proof. This has made it a big focus of security research, and over the years, a number of bugs that had significant security implications have been found in the protocol. Revisions have been published to address these flaws.

A much-hyped dating site for Donald Trump supporters in the US is being blasted for shoddy security that may have exposed all of its users to eavesdropping and account theft.

Donald Daters pitches itself as "an American-based singles community connecting lovers, friends, and Trump supporters alike." The app, offered for both iOS and Android, was brought into the national spotlight on Monday when it was featured on Fox News.

The UK's top cyber-defence centre has stopped Britain falling victim to almost 1,200 attacks in the last two years, its annual review reveals.

The National Cyber Security Centre (NCSC) was currently defeating about 10 attacks every week, it said. Most of the attacks were carried out by state-sponsored hackers employed by hostile nations, it added.

IT'S no secret that computers are insecure. Stories like Facebook's 50 million user accounts breached and government agencies compromised are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg.

The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space.

In most cases, fake Flash updates pushing malware are not very stealthy. In recent years, such imposters have often been poorly-disguised malware executables or script-based downloaders designed to install cryptocurrency miners, information stealers, or ransomware. If a victim runs such poorly-disguised malware on a vulnerable Windows host, no visible activity happens, unless the fake updater is pushing ransomware.

A brief look at the news is enough for anyone to realize that cyber attacks are a real threat. Just recently, we’ve seen western governments strongly condemn Russia for hacking attacks. We also saw a couple of reports that claimed that China could backdoor into products using hardware implants — although one of them was strongly refuted. And we shared a story about Google+ suffering from a serious security issue that Google was afraid to tell the public about.