Thousands of routers, modems, IP cameras, VoIP phones and other embedded devices share the same hard-coded SSH host keys or HTTPS server certificates.
Stories by Lucian Constantin
Users who have Dell Windows-based laptops, desktops, tablets and other devices that were bought before August should check if their systems have the self-signed eDellRoot certificate that can compromise their private communications.
For the third time in less than six months, PC manufacturer Lenovo has had to update the System Update tool pre-loaded on some of its products for security reasons.
After Dell confirmed that one of its support tools installed a dangerous self-signed root certificate and private key on computers, users discovered a similar certificate deployed by a different Dell tool.
In an attempt to provide a more streamlined remote support experience, Dell installed a self-signed root certificate and corresponding private key on its customers' computers, exposing users' encrypted communications to potential spying.
Users are reporting that some Dell laptops sold recently come preloaded with a self-signed root digital certificate that lets attackers sniff traffic to any secure website.
A well-known adware program called Vonteera prevents users from installing antivirus products by artificially blacklisting their digital certificates in Windows.
An analysis of hundreds of publicly available firmware images for routers, DSL modems, VoIP phones, IP cameras and other embedded devices uncovered high-risk vulnerabilities in a significant number of them.
VirusTotal, the most widely used online file scanning service, is now executing suspicious Mac apps submitted by users inside a sandbox to generate information that could improve the analysis and detection of Mac malware.
Adobe fixed important vulnerabilities in its ColdFusion application server, LiveCycle Data Services framework and Premiere Clip iOS app.
Microsoft combines the attack protection, detection and response features built into Windows 10, Office 365, Azure and the Microsoft Enterprise Mobility Suite to help enterprises improve their operational security posture.
Thousands of mobile applications use cloud-based, back-end services in an insecure way, allowing anyone to access millions of sensitive records created by users, according to a recent study.
Security researchers from FireEye have discovered an attack campaign that has injected computer profiling and tracking scripts into over 100 websites visited by business executives, diplomats, government officials and academic researchers.
A researcher disclosed a trivial Windows authentication bypass that puts data on BitLocker-encrypted laptops at risk.
Some of the most popular continuous integration tools used by software development teams have not been designed with security in mind and can open a door for attackers to compromise enterprise networks.