Vulnerabilities & Flaws
Microsoft is prepping fixes for 10 vulnerabilities, with researchers expecting the highest-priority fixes to involve issues in Internet Explorer and Exchange.
A Windows vulnerability that Microsoft patched back in April continues to be used in targeted attacks against political, industrial and defense organizations.
Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.
Months after he was forced to shelve the talk, InGuardians researcher Don Weber on Wednesday unveiled a framework that utilities and meter makers can use to assess smart meters.
Two research presentations set to be delivered next week in Las Vegas will shine the spotlight on the vulnerability of smart meters.
Better coordination, actionable information, and risk awareness are needed to protect the country's critical infrastructure, especially the power grid, according to a congressional watchdog report.
Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.
In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.
The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.
Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, but it is unclear if a zero-day vulnerability in XML Core Services, which is under active exploit, will be remediated.
One of the most easily accessible commercial exploit toolkits has been updated to take advantage of an unpatched Windows vulnerability that spreads through Internet Explorer.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
A flaw in Apple's popular music player allows for miscreants to execute remote code.
Separate from the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.
As part of its regularly scheduled patch release, Microsoft issued fixes for gaping vulnerabilities in Internet Explorer and Remote Desktop Protocol. The software giant also released a new feature that, in the wake of the Flame virus, enables certificates to be automatically updated.
Adobe on Friday released a new version of its popular Flash Player to patch seven vulnerabilities, according to a bulletin.
The fixes are set to address 25 vulnerabilities, covering Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX and the .NET Framework.
Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.
When the latest version of the most popular operating system (OS) in the world is released in October, researchers in search of vulnerabilities will flock to the shiny, new platform.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
Apple and Adobe this week released patches for vulnerabilities that could enable attackers to execute malicious code.
Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
Microsoft on Tuesday plans to dispense seven patches to correct 23 security vulnerabilities.
Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.
The leak of details regarding a major Windows bug, which resulted in the removal of DPTech Technologies as a trusted Microsoft partner, calls into question how impervious a vulnerability sharing program can be.
Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.
A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
Google has significantly increased its finder's fee for vulnerability researchers.
WordPress installations received a security upgrade on Friday to patch a number of vulnerabilities.