Expert found multiple flaws in Cisco Small Business 220 series

A researcher discovered multiple vulnerabilities in smart switches of Cisco’s Small Business 220 series, including some issues rated as high severity. Security researcher Jasper Lievisse Adriaanse has discovered multiple vulnerabilities in Cisco’s Small Business 220 series smart switches. The vulnerabilities impact devices that run firmware versions prior to 1.2.0.6 and have the web-based management interface enabled. The …

Microsoft's new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices

Devices have multiple OSs and firmware running, and most organisations don't know what they have or if it's secure. Microsoft will use ReFirm to make it easier to find out without being an expert. As operating systems become more secure, attackers are increasingly shifting their attention to firmware, which is less visible, more …

Security Flaw Discovered In Peloton Equipment

The vulnerability could give attackers remote root access to the bike's tablet, researchers report. A vulnerability in the Peloton Bike+ could have allowed an attacker to remotely spy on users, McAfee's Advanced Threat Research (ATR) team found. The bug, which has already been addressed through a mandatory patch issued …

Peloton Bike+ vulnerability allowed complete takeover of devices

A vulnerability in the Peloton Bike+ fitness machine that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone, has been fixed. Peloton is the manufacturer of immensely popular fitness machines, including the Peloton Bike, Peloton Bike+, and the Peloton Tread. In a new report released by …

Instagram flaw allowed anyone to see private, archived Posts/Stories of users without following them

Instagram has addressed a new flaw that allowed anyone to access private accounts, viewing archived posts and stories without having to follow them. Researcher Mayur Fartade has found a vulnerability in Instagram that allowed anyone to access private accounts, viewing archived posts and stories without having to follow them. The expert reported the flaw to …

Microsoft product vulnerabilities reached a new high of 1,268 in 2020

56% of all Microsoft critical vulnerabilities could have been mitigated by removing admin rights, according to the 2021 BeyondTrust Microsoft Vulnerabilities Report. The total number of vulnerabilities in Microsoft products reached an all-time high of 1,268 in 2020, a 48% increase year over year, according to a new report. Windows, with …

What Industrial Control System Vulnerabilities Can Teach Us About Protecting the Supply Chain

Older technologies used in industrial and critical infrastructure leave the sector highly vulnerable to attack, but organizations can take steps to better protect themselves. Over the past year, we saw many unpredictable challenges. To stay connected and keep things moving while adhering …

defenselessV1 – Just Another Vulnerable Web Application

Defenseless is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of this application is to create security awareness among developers and new guys in application security. It would soon be updated with more bugs and a new vulnerable application is also being developed. Please let …

CVE-2021-3560 flaw in polkit auth system service affects most Linux distros

An authentication bypass flaw in the polkit auth system service used on most Linux distros can allow an attacker to get a root shell. An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560, which is used on most Linux distros, can allow an unprivileged attacker to get a root shell. “A flaw was …

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user. Tracked as CVE-2021-3560 (CVSS score: 7.8), the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who …