Remote access flaws found in popular routers, NAS devices

In almost all tested units, the researchers achieved their goal of obtaining remote root-level access. Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks. The devices ranged from units intended for the general public …

Microsoft warns of new BlueKeep‑like flaws

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10. Microsoft issued fixes for four critical vulnerabilities in Remote Desktop Services (RDS) this week, likening two of them to ‘BlueKeep’, another critical flaw in the same Windows component. All four Remote Code Execution (RCE) flaws – tracked as CVE‑2019‑1181, CVE‑2019‑1182, CVE‑2019‑1222 and CVE‑2019‑1226 – can be exploited by …

VLC player has a critical flaw – and there’s no patch yet

On the flip side, there are currently no known cases of the vulnerability being exploited in the wild. Germany’s national Computer Emergency Response Team (CERT-Bund) has issued a security advisory to alert users of VLC media player of a severe vulnerability affecting this extremely popular open-source software. “A remote, anonymous attacker can exploit the vulnerability in VLC …

Flaws in smart car alarms exposed 3 million cars to hijack

The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix. Two smart alarm systems for cars have plugged critical security holes that put three million vehicles globally at risk of being hijacked, research by Pen Test Partners reveals. If exploited, the vulnerabilities would have enabled anyone to turn the alarm …

Attackers exploit flaw in GDPR-themed WordPress plugin to hijack websites

The campaign’s goals aren’t immediately clear, as the malefactors don’t appear to be leveraging the hijacked websites for further nefarious purposes. Attackers have been exploiting a security weakness in a GDPR compliance plugin for WordPress to seize control of vulnerable websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web …