ISSCloud - Information Systems Solutions

Microsoft blocks Windows Defender ability following major security concerns

Microsoft has blocked the ability to download files using Windows Defender after it was shown how easily it could be used by attackers to install malware onto a computer. Earlier this year, for reasons yet unclear, Microsoft discreetly added the ability to download files using Windows Defender. When this was publicly recognized, there was grave concern from […]

Windows 10 themes can be abused to steal passwords

Security researcher Jimmy Bayne (@bohops) has revealed that specially crafted Windows themes can be used to perform Pass-the-Hash attacks and steal passwords. Pass-the-Hash attacks are used to steal Windows login names and password hashes by tricking the user into accessing a remote SMB share that requires authentication. A theme’s settings are saved under the %AppData%\Microsoft\Windows\Themes folder as a […]

UPnP vulnerability allows attackers to scan internal networks and steal data

The latest research has revealed that the Universal Plug and Play (UPnP) network protocol has an integral security flaw that leaves printers, routers, and millions of other devices wide open to an attack that can remotely commandeer them. The UPnP protocol has been in use since 2008, predominantly but not exclusively on routers. It allows devices […]

Bluetooth flaw allows device impersonation

A Swiss research institute has uncovered yet another vulnerability in the Bluetooth protocol that leaves millions of devices open to attack. Last year the same team of researchers revealed what they called a “novel and powerful” Key Negotiation of Bluetooth (KNOB) attack that impersonated the receiver of sensitive files and transmitted encrypted commands to unlock a […]

Zero-Day exploit allows file overwriting on Windows

A new zero-day vulnerability has been disclosed for the Windows operating system. This is the fourth exploit disclosed in as many months by the security researcher known under the alias SandboxEscaper. She first announced on December 25 that she would publicly release the PoC for a new bug in Windows on New Year, however […]

EU approves bug bounty programs for 15 open source projects

The European Union will be funding bug bounty programs for 15 open source projects starting January 2019, announced EU Parliament Member Julia Reda. The initiative is part of the third edition of the Free and Open Source Software Audit (FOSSA) project, and targets some major open source projects in the market. The FOSSA project came […]

Security Flaw discovered on Electron-Based Apps

Electron (formerly Atom Shell) is an open-source framework developed and maintained by GitHub. Electron allows building cross-platform desktop applications with web technologies such as HTML, CSS and JavaScript, by combining the Chromium rendering engine and Node.js into a single runtime. Electron is widely used, with apps built on top of it including Microsoft Visual Studio […]

Faulty npm update crashes thousands of Linux Systems

npm, a well-known and vastly popular package manager for the JavaScript programming language, bundled with the Node.js runtime environment and including a command-line client (npm), shipped a critical bug in its latest update, npm v5.7.0. This bug was found and first reported on GitHub only three hours after the update was released. According to Jared […]