Vulnerabilities & Flaws
Microsoft is prepping fixes for 10 vulnerabilities, with researchers expecting the highest-priority fixes to involve issues in Internet Explorer and Exchange.
A Windows vulnerability that Microsoft patched back in April continues to be used in targeted attacks against political, industrial and defense organizations.
Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.
Months after he was forced to shelve the talk, InGuardians researcher Don Weber on Wednesday unveiled a framework that utilities and meter makers can use to assess smart meters.
Two research presentations set to be delivered next week in Las Vegas will shine the spotlight on the vulnerability of smart meters.
Better coordination, actionable information, and risk awareness are needed to protect the country's critical infrastructure, especially the power grid, according to a congressional watchdog report.
Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.
In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.
The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.
Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, but it is unclear if a zero-day vulnerability in XML Core Services, which is under active exploit, will be remediated.
One of the most easily accessible commercial exploit toolkits has been updated to take advantage of an unpatched Windows vulnerability that spreads through Internet Explorer.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
A flaw in Apple's popular music player allows miscreants to execute remote code.
Separate from the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.
As part of its regularly scheduled patch release, Microsoft issued fixes for gaping vulnerabilities in Internet Explorer and Remote Desktop Protocol. The software giant also released a new feature that, in the wake of the Flame virus, enables certificates to be automatically updated.
Adobe on Friday released a new version of its popular Flash Player to patch seven vulnerabilities, according to a bulletin.
The fixes are set to address 25 vulnerabilities, covering Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX and the .NET Framework.
Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.
When the latest version of the most popular operating system (OS) in the world is released in October, researchers in search of vulnerabilities will flock to the shiny, new platform.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
Apple and Adobe this week released patches for vulnerabilities that could enable attackers to execute malicious code.
Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
Microsoft on Tuesday plans to dispense seven patches to correct 23 security vulnerabilities.
Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
The leak of details regarding a major Windows bug, which resulted in the removal of DPTech Technologies as a trusted Microsoft partner, calls into question how impervious a vulnerability sharing program can be.
Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.
A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
Google has significantly increased its finder's fee for vulnerability researchers.
WordPress installations received a security upgrade on Friday to patch a number of vulnerabilities.