RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

Posted on February 14th, 2019 by Responsible Cyber

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux containers and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly disclosed […]

New Unpatched macOS Flaw Lets Apps Spy On Your Safari Browsing History

Posted on February 13th, 2019 by Responsible Cyber

A new security vulnerability has been discovered in the latest version of Apple’s macOS Mojave that could allow a malicious application to access data stored in restricted folders which are otherwise not accessible to every app. Discovered by application developer Jeff Johnson on February 8, the vulnerability is unpatched at the time of writing and impacts […]

Major Zcash Vulnerability Fixed – Schneier on Security

Posted on February 6th, 2019 by Responsible Cyber

Zcash just fixed a vulnerability that would have allowed “infinite counterfeit” Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not necessary. Tags: blockchain, cryptocurrency, patching, vulnerabilities […]

Cisco Router Vulnerability Gives Window into Researchers’ World

Posted on February 2nd, 2019 by Responsible Cyber

The research around a recent vulnerability shows how researchers follow leads and find unexpected results. In late January, researchers found a vulnerability in Cisco RV320 and RV325 routers — routers aimed at the needs of small businesses and remote offices. Cisco quickly released a software patch to close the vulnerability, but some of the research […]

Hacking Construction Cranes – Schneier on Security

Posted on February 1st, 2019 by Responsible Cyber

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we’ve outlined, we were able to perform the attacks […]

iPhone FaceTime Vulnerability – Schneier on Security

Posted on February 1st, 2019 by Responsible Cyber

This is kind of a crazy iPhone vulnerability: it’s possible to call someone on FaceTime and listen on their microphone — and see from their camera — before they accept the call. This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it’s fixed. But it’s hard to imagine […]

Japan Authorizes IoT Hacking

Posted on January 30th, 2019 by Responsible Cyber

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database: CVE-2019-7168 (PUBLISHED: 2019-01-29): A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog. CVE-2019-7169 (PUBLISHED: 2019-01-29): A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title […]

Ukraine Sees Surge in Election-Targeted Cyberattacks

Posted on January 30th, 2019 by Responsible Cyber
