Secure Boot Vulnerability Exposes Windows Devices to Attacks | SecurityWeek.Com

Secure Boot Bypass Allows Hackers to Load Bootkits/Rootkits on Windows Devices 

Microsoft has been attempting to patch a serious Secure Boot vulnerability that can be exploited to bypass the security feature and install rootkits and bootkits on Windows devices. Researchers believe the security flaw cannot be fully patched. [....]

http://www.securityweek.com/secure-boot-vulnerability-exposes-windows-devices-attacks via @SecurityWeek

Facebook XSS could have allowed attackers to take over users’ accounts

The security expert Jack Whitton reported a critical XSS vulnerability to Facebook that could be exploited by hackers to take over users’ Facebook accounts. The researchers reported the flaw to Facebook in July 2015, and the company fixed the problem in just 6 hours.[...]

Vulnerability Management Program Best Practices – Part 1

An enterprise vulnerability management program can reach its full potential when it is built on well-established foundational goals that address the information needs of all stakeholders, its output is tied back to the goals of the enterprise, and there is a reduction in the overall risk of the organization.[...]

Google releases Security Patch for Android Stagefright 2.0 Vulnerability

Google reportedly fixed the latest round of Stagefright vulnerabilities in Android, pushing its latest over-the-air (OTA) update to Nexus devices. Last week, researchers warned of Stagefright 2.0 vulnerability that affected more than one Billion Android devices dating back to the latest versions [...]

Design Flaws Make Drones Vulnerable to Cyber-Attacks

In the past, The Hacker News (THN) reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones (MalDrone), or Weaponized drones getting legal, or Drones hacking smartphones. And now the reports depict... Security Researcher has showcased [...]

Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking

Attention Android users! More than 1 Billion Android devices are vulnerable to hackers once again – Thanks to newly disclosed two new Android Stagefright vulnerabilities. Yes, Android Stagefright bug is Back… …and this time, the flaw allows an attacker to hack Android smartphones just [...]

Beware Coffee Lovers! StarBucks Exposed you to 3 Critical Vulnerabilities.

Ever registered on StarBucks website? Change your passwords now! If you are one of those Millions Starbucks customers who have registered their accounts and credit card details on StarBucks website, then your banking details are vulnerable to hackers. An Independent Security Researcher, Mohamed [...]

Popular Belkin Wi-Fi Routers vulnerable to Hackers.

 US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities. CERT in their Vulnerability Note VU#201168 (Vulnerability ID) said, that Belkin’s N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely [...]

Android Vulnerability Traps Devices in 'Endless Reboot Loop'

Poor Android users are facing a terrible, horrible, and awful week. Few days ago, Trend Micro security researchers uncovered a Android crashing vulnerability in the widely used mobile operating system, impacting the majority of Android devices in use. The report follows another significant [...]

Critical Persistent Injection Vulnerability in Apple App Store and iTunes.

A critical vulnerability has been discovered in the official Apple’s App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in [...]

Apple Mac OS X Vulnerability Allows Attackers to Hack your Computer.

A security researcher has discovered a critical vulnerability in the latest version of Apple's OS X Yosemite that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet. The privilege-escalation vulnerability initially reported on Tuesday [...]

Java Zero-day vulnerability exploited in the Wild.

 Really a bad weekend for Internet users. Three previously unknown critical zero-day vulnerabilities were revealed in Adobe’s Flash Player over the weekend, thanks to Hacking team data Breach in which 400GB of internal data were leaked over the Internet. Now, a new zero-day vulnerability has [...]

Critical OpenSSL Flaw Allows Hackers to Impersonate Any Trusted SSL Certificate

 The mysterious security vulnerability in the widely used OpenSSL code library is neither HeartBleed nor FREAK, but it’s critical enough to be patched by sysadmins without any delay. OpenSSL Foundation released the promised patch against a high severity vulnerability in OpenSSL versions 1.0.1n [...] 

OPM Temporarily Shuts Down Background Check App to Fix Security Hole.

 The web gateway used to render materials for Federal Background Investigations for employees and contractors has been shut down for several weeks after a vulnerability was detected, the Office of Personnel Management announced. The agency announced the shut down citing the discovery of a vulnerability [...]...

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards.

Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals [...]...

NetUSB Driver Flaw Exposes Millions of Routers to Hacking

A simple but shockingly dangerous vulnerability has been uncovered in the NetUSB component, putting Millions of modern routers and other embedded devices across the globe at risk of being compromised by hackers. The security vulnerability, assigned CVE-2015-3036, is a remotely exploitable kernel [...] - See more at: http://thehackernews.com/#sthash.0mCBQt0u.dpuf