Applications provide the path to an organization's coveted assets. And even if they're not public-facing, they still can be a ripe target. We talk to Marcus Prendergast, CSO of ITG, for this month's cover story.
Mozilla has issued patches for 14 vulnerabilities, four which are deemed "critical," in the latest edition of its Firefox browser.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.
Google has significantly increased its finder's fee for vulnerability researchers.
A cross-site scripting vulnerability being exploited in the wild has prompted Adobe to issue an update to its Flash Player, a move that may catch security pros off guard.
The social media giant is "pursuing the appropriate action" against those behind a wave of pornographic content that showed up on users' news feeds this week.
Adobe is rushing a fix for a Flash Player vulnerability that is being actively exploited to launch cross-site scripting attacks.
Hackers are actively exploiting a cross-site scripting vulnerability in Adobe's Flash Player, the company revealed Sunday.
A new report from Veracode paints a grim picture of the security built into application software.
McAfee's website suffers from a number of vulnerabilities, which could allow cross-site scripting (XSS) attacks and information disclosure, researchers warned this week.
Popular blogging platform WordPress on Monday released version 3.0.5 to patch a number of vulnerabilities that could allow a contributor- or author-level user to execute cross-site scripting attacks or siphon sensitive information. The company stated that the update also improves security of plug-ins "which were not properly leveraging our security API." US-CERT recommends that WordPress users install the update. - GM
Microsoft on Friday warned of a new Windows scripting vulnerability that could result in information disclosure.
WordPress is urging customers to install the latest version of its popular blogging software to close a "core security bug" that could be exploited to launch cross-site scripting attacks against vulnerable installations. Version 3.0.4 fixes the "critical" issue, present in the HTML sanitation library, and is available for download. "I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for," Matt Mullenweg, WordPress creator, wrote in a blog post on Wednesday. "In the spirit of the holidays, consider helping your friends as well. - DK
Much of the software that the U.S. government is running can be successfully exploited, said Dan Shoemaker, professor at the University of Detroit Mercy, at SC World Congress last week.
Google on Monday announced plans to extend its existing Chrome browser bounty program to cover some of its other properties, such as YouTube, Blogger and Orkut.
The average website contains nearly 13 "serious" vulnerabilities, according to a report released this week by White Hat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations - those with more than 2,500 employees - had the highest average number of serious flaws. In terms of industry, banking organizations had the least amount of vulnerabilities on average, followed by insurance and health care firms. — AM
In a conversation with SC Magazine Deputy Editor Dan Kaplan, Amichai Shulman, co-founder and CTO of Imperva, introduces a new research initiative underway and addresses the automated methods now used by attackers to compromise legitimate websites.
Cybercriminals this week took advantage of a cross-site scripting vulnerability on Twitter that since has been fixed, according to security researchers
Security giant Symantec said it has secured its "Hack is Wack" contest website after researchers discovered it was riddled with vulnerabilities.
Cybercriminals were out in full force over the Independence Day weekend, launching attacks on some of the world's most popular online destinations: YouTube and iTunes.
A Twitter user has demonstrated a cross-site scripting (XSS) vulnerability on the microblogging platform that could allow an attacker to take over users' accounts or spread malware.
Injection flaws and cross-site scripting are the two most critical web application security flaws, according to the newly updated version of the OWASP Top 10.
The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.
Google on Tuesday fixed a cross-site scripting (XSS) vulnerability in the "Google Buzz for mobile" website that could have allowed an attacker to hijack user's accounts.
A cross-site scripting vulnerability affecting the Pentagon website is not a major security threat -- but it could turn into one, said a researcher who examined the bug.
A new point of entry has been discovered in Adobe Flash that allows attackers to infect any website which permits visitors to upload content, a researcher claims.
Web application vulnerabilities remains the primary avenue of attack for cybercriminals, according to a new report.
Reddit is the latest Web 2.0 site to be slowed by a cross-site scripting attack.
Because of the bug, an attacker could potentially capture account credentials, redirect a user to any site, alter a user's tweets or followers, or send messages from a compromised account.
Sign up to our newsletters
SC Magazine Articles
- Malware on Lime Crime website, payment cards compromised
- State breakdowns: Anthem breach by the numbers
- Florida law enforcement docs show widespread stingray use, secrecy
- After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
- Older vulnerabilities a top enabler of breaches, according to report
- Carbanak APT campaign made off with $1B from banks globally
- BMW issues security patch for bug allowing attackers physical access into vehicles
- State breakdowns: Anthem breach by the numbers
- NIST requests final comments on ICS security guide
- Disconnect yawns between CISOs, exec leadership, study says
- Researchers investigate link between Axiom spy group, Anthem breach
- Top Android tablets for children riddled with security lapses, study finds
- Bulk Reef Supply website compromised, credit cards at risk
- Medical identity theft up 22 percent in 2014, annual report says
- Report: Majority of health-related websites leak data to third parties