Barnaby Jack, well known for showcasing ATM vulnerabilities, is on his way back to IOActive after a year-long stint with McAfee.
Microsoft is prepping fixes for 10 vulnerabilities, with researchers expecting the highest-priority fixes to involve issues in Internet Explorer and Exchange.
A Windows vulnerability that Microsoft patched back in April continues to be used in targeted attacks against political, industrial and defense organizations.
Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.
Months after he was forced to shelve the talk, InGuardians researcher Don Weber on Wednesday unveiled a framework that utilities and meter makers can use to assess smart meters.
Two research presentations set to be delivered next week in Las Vegas will shine the spotlight on the vulnerability of smart meters.
Better coordination, actionable information, and risk awareness are needed to protect the country's critical infrastructure, especially the power grid, according to a congressional watchdog report.
Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.
In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.
The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.
Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, but it is unclear if a zero-day vulnerability in XML Core Services, which is under active exploit, will be remediated.
One of the most easily accessible commercial exploit toolkits has been updated to take advantage of an unpatched Windows vulnerability that spreads through Internet Explorer.
PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.
Not surprisingly, malware writers have turned out an exploit for an Internet Explorer vulnerability patched last week by Microsoft. At least one site -- Amnesty International Hong Kong -- was hit.
A flaw in Apple's popular music player allows miscreants to execute remote code.
Separately from the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.
As part of its regularly scheduled patch release, Microsoft issued fixes for gaping vulnerabilities in Internet Explorer and Remote Desktop Protocol. The software giant also released a new feature that, in the wake of the Flame virus, enables certificates to be automatically updated.
Adobe on Friday released a new version of its popular Flash Player to patch seven vulnerabilities, according to a bulletin.
The fixes are set to address 25 vulnerabilities, covering Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX and the .NET Framework.
Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.
June 05, 2012
Microsoft warned its users that the same vulnerability used to foist the Flame virus could be employed by seemingly less skillful attackers to compromise computers and plunder information.
June 01, 2012
When the latest version of the most popular operating system (OS) in the world is released in October, researchers in search of vulnerabilities will flock to the shiny, new platform.
May 30, 2012
A report from researchers at the University of Cambridge alludes to vulnerabilities being intentionally inserted into Chinese-manufactured chips used by the military. But at least one security expert called the study light on facts.
Barely a day old, Yahoo's new Axis browser already is facing its first security issue, after source code for its Chrome add-on contained the private key used to sign it.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
Apple and Adobe this week released patches for vulnerabilities that could enable attackers to execute malicious code.
Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.
May 04, 2012
In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
Microsoft on Tuesday plans to dispense seven patches to correct 23 security vulnerabilities.
Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.