ISSCloud - Information Systems Solutions

isscloud

UPnP vulnerability allows attackers to scan internal networks and steal data

networking

Latest research has revealed that the Universal Plug and Play (UPnP) network protocol has an integral security flaw that leaves printers, routers, and millions of other devices wide open to an attack which can remotely commandeer them. The UPnP protocol has been in use since 2008 predominantly but not exclusively being installed on routers. It allows devices […]

Bluetooth flaw allows device impersonation

bluetooth conn

A Swiss research institute has uncovered yet another vulnerability in Bluetooth protocol that leaves millions of devices open to attack. Last year the same team of researchers revealed what they called a “novel and powerful” Key Negotiation of Bluetooth (KNOB) attack that impersonated the receiver of sensitive files and transmitted encrypted commands to unlock a […]

Lenovo ThinkPad will offer Linux pre-installed

fedora lenovo

According to an announcement published by Matthew Miller, Fedora Project Leader, on the popular website Fedora Magazine, new Lenovo ThinkPad laptops with Fedora Workstation pre-installed will be available in a near future. It is a pilot of Lenovo’s Linux Community Series – Fedora Edition, that begins with ThinkPad P1 Gen2, ThinkPad P53 and ThinkPad X1 […]

28 Antivirus products affected by symlink race bugs

antivirus

According to a report published this week by security researchers from RACK911, “symlink race” vulnerabilities were found in 28 of today’s most popular antivirus software. RACK911 Labs reports how they came up with a simple method of using directory junctions (Windows) and symlinks (macOS & Linux) to exploit the most popular antivirus programs. A symlink […]

Zero-Day exploit allows file overwriting on Windows

windows10 0day

A new zero-day vulnerability has been disclosed for the Windows operative system. This is the fourth exploit disclosed in just as many months by the security researcher under the alias of SandboxEscaper. She first announced on December 25 that on New Year she would release publicly the PoC for a new bug in Windows, however […]

EU approves bug bounty programs for 15 open source projects

european union

The European Union will be funding bug bounty programs for 15 open source projects starting January 2019, announced EU Parliament Member Julia Reda. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, and targeting some major Open Source projects in the market. The FOSSA project came […]

Security Flaw discovered on Electron-Based Apps

electron

Electron (formerly Atom Shell) is an open-source framework developed and maintained by GitHub. Electron allows building cross-platform desktop applications with web technologies such as HTML, CSS and JavaScript, by combining the Chromium rendering engine and Node.js into a single runtime. Electron is widely used, with Apps built on top of it including Microsoft Visual Studio […]

Google forces Android security patches roll-out

android

During this week’s Google I/O 2018 event at the Shoreline Amphitheatre, an outdoor venue in Mountain View, California, the company announced a great number of changes and new features, like the release of the Android P Beta Program, new Google Assistant features, changes in Gmail and many others. Security is a trending topic, and Google, […]

FBI paid Best Buy’s Geek Squad to pass private customer data

consumer privacy

Last tuesday the Electronic Frontier Foundation posted the records regarding a Freedom of Information lawsuit filled last year, revealing that federal agents would pay Geek Squad managers who’d then pass on information about illegal contents on devices sent in by customers for repairs. According to the documents released as a result of the lawsuit, this relationship […]

Faulty npm update crashes thousands of Linux Systems

npm

npm, a widely well-known and vastly popular package manager for the JavaScript programming language, packed with the runtime environment Node.js, that includes a command-line client (npm), packed a critical bug on it’s latest npm v5.7.0 update. This bug was found and first reported on GitHub only three hours after the update was released. According to Jared […]