Schneider Electric, one of the largest makers of hardware and software products used across critical industry verticals has patched a vulnerability in two software products —InduSoft Web Studio and InTouch Machine Edition.
Microsoft's patches for the Meltdown vulnerability have had a fatal flaw all these past months, according to Alex Ionescu, a security researcher with cyber-security firm Crowdstrike.
An Argentinian security researcher named Ezequiel Fernandez has published a powerful new tool yesterday that can easily extract plaintext credentials for various DVR brands and grant attackers access to those systems, and inherently the video feeds they're supposed to record.
A smart city can be described as a city that incorporates the capabilities of web connectivity, analytics, mobile solutions, sensors, data collection and other technology. This can include surveillance systems utilized by law enforcement, smart congestion-mitigating traffic systems, LED streetlights, and smart grids.
A Dutch cyber-security firm has discovered that in-vehicle infotainment (IVI) systems deployed with some car models from the Volkswagen Group are vulnerable to remote hacking.
For more than a week hackers have started scanning the Internet, searching for machines running Oracle WebLogic servers. Scans started after April 17, when Oracle published its quarterly Critical Patch Update (CPU) security advisory.
Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.
Two security researchers from F-Secure have created a device that can read any valid or expired hotel key card and generate a master key that can open any room door or grant attackers access to secure hotel areas.
A security researcher has released a proof-of-concept exploit affecting the Nvidia Tegra chips that come with Nintendo Switch devices.
A prodigious 18-year-old bug hunter from Chicago has discovered and reported a critical vulnerability in a LinkedIn social button that could have been abused to harvest LinkedIn user information, some of which may not have been public.
A team of academics has identified an issue with the Zeroicoin protocol scheme, along with two security flaws in libzerocoin, the software library used for building actual cryptocurrencies around protocol.
Intel has addressed a vulnerability in the configuration of several CPU series that allow an attacker to alter the behavior of the chip's SPI Flash memory —a mandatory component used during the boot-up process [1, 2, 3].
Hackers can easily spoof and hijack communications targeting sirens part of emergency alert systems to trigger false alerts and cause panic among a local population.
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.
A bill was passed yesterday by the state of Georgia that causes any unauthorized access to a computer to be considered "Unauthorized Computer Access" & "shall be punished for a misdemeanor of a high and aggravated nature". This bill amends the Georgia code, which originally only considered unauthorized access with malicious intent.
Cisco removed today a backdoor account from its IOS XE operating system that would have allowed a remote attacker to log into Cisco routers and switches with a high-privileged account.
The Drupal CMS team has fixed a highly critical security flaw that allows hackers to take over a site just by accessing an URL.
Firmware updates are available for a wide range of security flaws that are bound to cause a lot of problems on the IoT landscape.
The March 2018 Patch Tuesday contains a fix for a severe vulnerability affecting the CredSSP protocol; a vulnerability that affects all Windows versions ever released.