There’s a critical vulnerability in a model of Fujitsu wireless keyboard that makes it easy for hackers to take full control of connected computers, security researchers warned on Friday. Anyone using the keyboard model should strongly consider replacing it immediately.
The Fujitsu Wireless Keyboard Set LX901 uses a proprietary 2.4 GHz radio communication protocol called WirelessUSB LP from Cypress Semiconductor. While the keyboard and mouse send input that’s protected with the time-tested Advanced Encryption Standard, the USB dongle that accepts the input accepts unencrypted packets as well, as long [...]
Malicious hackers wasted no time exploiting a nasty code-execution vulnerability recently disclosed in WinRAR, a Windows file-compression program with 500 million users worldwide. The in-the-wild attacks install malware that, at the time this post was going live, was undetected by the vast majority of antivirus product.
The flaw, disclosed last month by Check Point Research, garnered instant mass attention because it made it possible for attackers to surreptitiously install persistent malicious applications when a target opened a compressed ZIP file using any version of WinRAR released [...]
More than five years have passed since researchers warned of the serious security risks that a widely used administrative tool poses to servers used for some of the most sensitive and mission-critical computing. Now, new research shows how baseboard management controllers, as the embedded hardware is called, threaten premium cloud services from IBM and possibly other providers.
In short, BMCs are motherboard-attached microcontrollers that give extraordinary control over servers inside datacenters. Using the Intelligent Platform Management Interface, admins can reinstall operating [...]
Millions of sites that run the Drupal content management system run the risk of being hijacked until they’re patched against a vulnerability that allows hackers to remotely execute malicious code, managers of the open source project warned Wednesday.
CVE-2019-6340, as the flaw is tracked, stems from a failure to sufficiently validate user input, managers said in an advisory. Hackers who exploited the vulnerability could, in some cases, run code of their choice on vulnerable websites. The flaw is rated highly critical.
“Some field types do not properly sanitize data from [...]