The rigidity of web application security controls has left the enterprise vulnerable to data breach.
Any number of industry pundits have noted the prevalence of major vulnerabilities this year, especially when accounting for Heartbleed, Shellshock and POODLE.
Security firm Zimperium detected attacks in the wild over the past six to eight months.
A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.
An advisory was issued on Wednesday regarding a denial-of-service vulnerability in Drupal 7 and a session hijacking flaw in Drupal 6 and 7.
Three buffer overflow vulnerabilities identified in Hikvision digital video recorder devices can, if exploited, enable a remote attacker to gain full control of the device.
Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.
More and more corporate activities are being undertaken by employees who depend on iPhones, iPads, laptops and other mobile devices.
Security firm Symantec calls the cyberespionage campaign "Operation CloudyOmega."
Apple maintains that customers aren't at-risk targets for the Masque Attack if they operate within the App Store. Meanwhile, US-CERT issued a warning regarding the attack.
Neglecting to implement the Patch Tuesday fix for both bugs could prove dangerous, researchers say.
Researchers at Integrity Labs say the vulnerability, if left unpatched, could allow attackers to gain control over affected devices.
Software updates are now available for the Flash player and Adobe AIR after vulnerabilities were found that could give attackers the ability to execute code or escalate privileges on a machine.
Among the updates is a critical fix for a Windows OLE flaw, marking a second patch for the bug.
The anonymity software's moderators aren't entirely sure how up to 50 illicit websites were discovered and shut down this past week.
A Swedish hacker says he won't divulge details of the vulnerability until January, after Apple patches it.
Wearable devices efficiently monitor user activity, but also open new targets for malware authors, reports Alan Earls.
Threat of the month: Bash bug/Shellshock
Simulation exercises show how companies should respond under a cyberattack, says HHS's Sara Hall. Teri Robinson reports.
Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.
Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.
Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks.
The bug, CVE-2014-6352, has a temporary solution, but still no permanent fix from Microsoft.
While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.
The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.
Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.
Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.
The iOS 8.1 update comes with a fix to a vulnerability known as POODLE, which can enable an attacker to decrypt data protected by SSL.
Apple OS X Yosemite includes fixes for more than 40 vulnerabilities, including POODLE and Shellshock.
SC Magazine Articles
- Microsoft report explores dangers of running expired security software
- Survey: real-time SIEM solutions help orgs detect attacks within minutes
- Android malware 'NotCompatible' evolves, spawns resilient botnet
- Vulnerabilities identified in three Advantech products
- State Department hack may be tied to White House network breach
- Operators disable firewall features to increase network performance, survey finds
- Waste no time patching Windows Schannel, OLE bugs, experts warn
- Study: 68 percent of healthcare breaches caused by loss or theft of devices, files
- Spin.com redirects to Rig Exploit Kit, infects users with malware, Symantec observes
- Upping the ante: PCI Security Standard
- Study: Third of employees use company devices for social media and online shopping
- 'DoubleDirect' MitM attack affects iOS, Android and OS X users
- Swedish appeals court nixes Assange's plea
- Critical XSS vulnerability addressed in WordPress
- The Internet of Things (IoT) will fail if security has no context