Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.
Mozilla has issued patches for 14 vulnerabilities, four which are deemed "critical," in the latest edition of its Firefox browser.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
Google has significantly increased its finder's fee for vulnerability researchers.
A cross-site scripting vulnerability being exploited in the wild has prompted Adobe to issue an update to its Flash Player, a move that may catch security pros off guard.
The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.
Hackers are actively exploiting a cross-site scripting vulnerability in Adobe's Flash Player, the company revealed Sunday.
A new report from Veracode paints a grim picture of the security built into application software.
McAfee's website suffers from a number of vulnerabilities, which could allow cross-site scripting (XSS) attacks and information disclosure, researchers warned this week.
Popular blogging platform WordPress on Monday released version 3.0.5 to patch a number of vulnerabilities that could allow a contributor- or author-level user to execute cross-site scripting attacks or siphon sensitive information. The company stated that the update also improves security of plug-ins "which were not properly leveraging our security API." US-CERT recommends that WordPress users install the update. - GM
Microsoft on Friday warned of a new Windows scripting vulnerability that could result in information disclosure.
WordPress is urging customers to install the latest version of its popular blogging software to close a "core security bug" that could be exploited to launch cross-site scripting attacks against vulnerable installations. Version 3.0.4 fixes the "critical" issue, present in the HTML sanitation library, and is available for download. "I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for," Matt Mullenweg, WordPress creator, wrote in a blog post on Wednesday. "In the spirit of the holidays, consider helping your friends as well. - DK
Much of the software that the U.S. government is running can be successfully exploited, said Dan Shoemaker, professor at the University of Detroit Mercy, at SC World Congress last week.
Google on Monday announced plans to extend its existing Chrome browser bounty program to cover some of its other properties, such as YouTube, Blogger and Orkut.
The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by White Hat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the least amount of vulnerabilities on average, followed by insurance and health care firms. — AM
In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that since has been fixed, according to security researchers
Security giant Symantec said it has secured its "Hack is Wack" contest website after researchers discovered it was riddled with vulnerabilities.
Cybercriminals were out in full force over the Independence Day weekend, launching attacks on some of the world's most popular online destinations: YouTube and iTunes.
A Twitter user has demonstrated a cross-site scripting (XSS) vulnerability on the microblogging platform that could allow an attacker to take over users' accounts or spread malware.
Injection flaws and cross-site scripting are the two most critical web application security flaws, according to the newly updated version of the OWASP Top 10.
The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
Google on Tuesday fixed a cross-site scripting (XSS) vulnerability in the "Google Buzz for mobile" website that could have allowed an attacker to hijack user's accounts.
A cross-site scripting vulnerability affecting the Pentagon website is not a major security threat -- but it could turn into one, said a researcher who examined the bug.
A new point of entry has been discovered in Adobe Flash that allows attackers to infect any website which permits visitors to upload content, a researcher claims.
Web application vulnerabilities remains the primary avenue of attack for cybercriminals, according to a new report.
Reddit is the latest Web 2.0 site to be slowed by a cross-site scripting attack.
Because of the bug, an attacker could potentially capture account credentials, redirect a user to any site, alter a user's tweets or followers, or send messages from a compromised account.
Sign up to our newsletters
SC Magazine Articles
- DDoS attacks enter new frontier with Portmapper
- John McAfee points to lone woman as Ashley Madison attacker while company offers reward
- Sandbox violation in Apple's iOS affects MDM users, could enable breaches
- Outsourcing IT security continues to grow, study finds
- Judge grants father in custody case access to ex-wife's Facebook profile
- Audit report finds sensitive data at risk for at least 73 Callif. agencies
- License plate reader helps spot Virginia killer, but privacy issues remain
- DD4BC are DDoS attack driving force, new report claims
- Researchers uncover possible Iranian-backed phishing scam
- After online report, Twitter user denies involvement in Ashley Madison hack