When It Comes To IoT Security, Liability Is Muddled

BOSTON—From hacked connected cars to power grids, the implications of IoT security issues seem to be getting graver – yet when it comes to pointing fingers for security troubles, many times victims don’t even know where to start. IoT experts said at the Security of Things Forum today said that a...

Website Glitch Let Me Overstock My Coinbase

Coinbase and Overstock.com just fixed a serious glitch that allowed Overstock customers to buy any item at a tiny fraction of the listed price. Potentially more punishing, the flaw let anyone paying with bitcoin reap many times the authorized bitcoin refund amount on any canceled Overstock orders...

"Huge Dirty COW" (CVE-2017–1000405)

The “Dirty COW” vulnerability CVE-2016–5195 is one of the most hyped and branded vulnerabilities published. Every Linux version from the last decade, including Android, desktops and servers was vulnerable. The impact was vast — millions of users could be compromised easily and reliably, bypassing...

Understanding the Shared Security Model in Amazon Web Services

Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. For the end user, they are responsible for securin...

Experts Worry About Long-Term Implications of NSA Revelations

With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA’s collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what...

Microsoft Internet Explorer Mouse Tracking

Summary: Unprivileged attackers can track your system-wide mouse movements from any IE page, even when the page is unfocused or minimised. Package: Microsoft Internet Explorer Affected: Tested on versions 6–10 Introduction ----------------- A security vulnerability in Internet Explorer, versions...

Mozilla Warns of Unknown Root Certificate Authority in Firefox

In a startling revelation, the open-source Mozilla project says that its flagship Firefox browser contains a root certificate authority that doesn’t seem to have a known owner. It’s quite possible that this could be a legitimate root certificate that changed hands during a merger or some other...

2009: The Year That Was in Security

Threatpost editor Dennis Fisher talks about the implications of Howard Schmidt’s appointment, the story of the year in 2009 and what 2010 might bring for security...

SSL Flaw Has Researchers Hustling to Fix

A flaw in the SSL protocol that could affect company networks, hosting environments and key machines has security researchers scrambling. The flaw, which requires a hack in to a network to launch, has devastating consequences and implications on database and mail servers. Discovered in August by...

CVE-2020-24543

...

CVE-2022-46207

...

CVE-2018-12134

...

CVE-2023-48729

...