Vulnerabilities & Flaws

Microsoft set to release nine patches for 10 security bugs

Microsoft is prepping fixes for 10 vulnerabilities, with researchers expecting the highest-priority fixes to involve issues in Internet Explorer and Exchange.

Windows bug, patched in April, continues to wreak havoc

A Windows vulnerability that Microsoft patched back in April continues to be used in targeted attacks against political, industrial and defense organizations.

Despite patch, exploits against new Java bug picking up

Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.

Black Hat: Assessing smart meters for hacker footprints, vulnerabilities

Months after he was forced to shelve the talk, InGuardians researcher Don Weber on Wednesday unveiled a framework that utilities and meter makers can use to assess smart meters.

Firm releases open-source smart meter assessment tool

Two research presentations set to be delivered next week in Las Vegas will shine the spotlight on the vulnerability of smart meters.

Data sharing, standards pose challenges to power grid

Better coordination, actionable information, and risk awareness are needed to protect the country's critical infrastructure, especially the power grid, according to a congressional watchdog report.

Oracle plans 88 security fixes on Tuesday

Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.

Patch Tuesday: Microsoft pushes nine fixes for 16 flaws

In addition to 15 other vulnerabilities, Microsoft plugged a gaping Core XML Services hole that was being used in active exploits being foisted through Internet Explorer.

Hackers add Java exploit to BlackHole toolkit

The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.

Microsoft to issue nine patches, no word on XML fix

Microsoft's monthly security update will be comprised of nine fixes to address 16 vulnerabilities, but it is unclear if a zero-day vulnerability in XML Core Services, which is under active exploit, will be remediated.

BlackHole toolkit updated to target Microsoft XML flaw

One of the most easily accessible commercial exploit toolkits has been updated to take advantage of an unpatched Windows vulnerability that spreads through Internet Explorer.

PayPal to offer payment for finding security bugs

PayPal has joined the likes of Google and Facebook by announcing Thursday that it will begin paying researchers who discover vulnerabilities on its website.

Hackers spread trojan following Internet Explorer patch

Not surprisingly, malware writers have turned out an exploit for an Internet Explorer vulnerability patched last week by Microsoft. At least one site -- Amnesty International Hong Kong -- was hit.

iTunes vulnerability may enable remote code execution

A flaw in Apple's popular music player allows miscreants to execute remote code.

On Patch Tuesday, Microsoft warns of zero-day attacks in IE

Separate from the patches it released, Microsoft on Tuesday warned of attacks underway that are targeting a zero-day vulnerability residing in XML Core Services, according to an advisory.

Microsoft patches IE, RDP security vulnerabilities

As part of its regularly scheduled patch release, Microsoft issued fixes for gaping vulnerabilities in Internet Explorer and Remote Desktop Protocol. The software giant also released a new feature that, in the wake of the Flame virus, enables certificates to be automatically updated.

Flash gets patched by Adobe

Adobe on Friday released a new version of its popular Flash Player to patch seven vulnerabilities, according to a bulletin.

Microsoft prepares seven patches to correct 25 security bugs

The fixes are set to address 25 vulnerabilities, covering Windows, Internet Explorer, Visual Basic for Applications, Dynamics AX and the .NET Framework.

Mozilla fixes "critical" bugs in new release of Firefox

Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.

The promise of Windows 8

When the latest version of the most popular operating system (OS) in the world is released in October, researchers in search of vulnerabilities will flock to the shiny, new platform.

Exploits greeting users at foreign policy, human rights sites

A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.

Apple releases Safari, OS X fixes

Apple and Adobe this week released patches for vulnerabilities that could enable attackers to execute malicious code.

Microsoft hands out more Duqu fixes despite prior patch

Just when you thought all of the windows that control system recon trojan Duqu used to propagate had been roped off, the software giant releases a new set of fixes.

Why aren't customers dropping Oracle?

In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.

Twenty-three Microsoft fixes set for Patch Tuesday

Microsoft on Tuesday plans to dispense seven patches to correct 23 security vulnerabilities.

Flash flaw being used to deliver email based attacks

Adobe on Friday issued an emergency patch for a critical bug in its Flash Player software that is being used in targeted malware attacks.

Chinese firewall maker booted from Microsoft sharing program

The leak of details regarding a major Windows bug, which resulted in the removal of DPTech Technologies as a trusted Microsoft partner, calls into question how impervious a vulnerability sharing program can be.

Oracle lists workarounds following zero-day disclosure

Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.

Researcher confused over handling of Oracle database bug

A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.

Google to offer up to 20K prize for bug finds

Google has significantly increased its finder's fee for vulnerability researchers.
