DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
A team of nine academics is warning the world about a critical vulnerability in the OpenPGP and S/MIME email encryption tools. The flaw, if exploited, allow an attacker to decrypt sent or received messages, according to the researcher team.
Two vulnerabilities affecting over one million routers, and disclosed earlier this week, are now under attack by botnet herders, who are trying to gather the vulnerable devices under their control.
Microsoft has released debugging symbols for many of the core components of Hyper-V. Using these debugging symbols, security researchers can analyze them for vulnerabilities in order to submit them to the Hyper-V bug bounty program.
Schneider Electric, one of the largest makers of hardware and software products used across critical industry verticals has patched a vulnerability in two software products —InduSoft Web Studio and InTouch Machine Edition.
Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike.
An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.
A smart city can be described as a city that incorporates the capabilities of web connectivity, analytics, mobile solutions, sensors, data collection and other technology. This can include surveillance systems utilized by law enforcement, smart congestion-mitigating traffic systems, LED streetlights, and smart grids.
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking.
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory.
Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.
Two security researchers from F-Secure have created a device that can read any valid or expired hotel key card and generate a master key that can open any room door or grant attackers access to secure hotel areas.
A security researcher has released a proof-of-concept exploit affecting the Nvidia Tegra chips that come with Nintendo Switch devices.
A prodigious 18-year-old bug hunter from Chicago has discovered and reported a critical vulnerability in a LinkedIn social button that could have been abused to harvest LinkedIn user information, some of which may not have been public.
A team of academics has identified an issue with the Zeroicoin protocol scheme, along with two security flaws in libzerocoin, the software library used for building actual cryptocurrencies around protocol.
Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process [1, 2, 3].
Hackers can easily spoof and hijack communications targeting sirens part of emergency alert systems to trigger false alerts and cause panic among a local population.
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.