GM's OnStar RemoteLink mobile application contains a vulnerability that can enable an attacker to identify, start a vehicle and more.
Yahoo's Interim CEO Ramses Martinez detailed the company's bug bounty program's successes since its creation in 2013.
Trend Micro has identified a new Android denial-of-service bug that can be exploited to make devices unresponsive and practically unusable.
A pair of security researchers discovered a way to hack into a TrackingPoint self-aiming rifle through its Wi-Fi network.
Researcher Sijmen Ruwhof uncovered several critical security vulnerabilities in PHP File Manager that leave user data unprotected.
Researchers at Trend Micro discovered a security flaw in Skoda automobiles that could allow an attacker to spy on vehicle data.
Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.
HP's Zero Day Initiative (ZDI) disclosed four unpatched zero-day vulnerabilities in Internet Explorer Mobile that enable web-based attacks.
A pair of researchers discovered an exploit in Uconnect-enabled Fiat Chrysler vehicles that allows an attacker to take control of the vehicle.
All ten smartwatches tested by HP Fortify reported significant security vulnerabilities, along with their Android and iOS cloud and mobile application components, according to a new report.
The XSS vulnerability can be exploited to compromise an affected website, but certain conditions must first be met.
High-Tech Bridge released advisories on Wednesday that detail medium risk vulnerabilities in two WordPress plugins.
The Google Chrome team promoted Chrome 44 to the stable channel for Windows, Mac and Linux on Tuesday.
The Office of Personnel Management (OPM) rewrote its privacy regulations to allow legislators and outside entities to look through its databases for signs of data breaches.
If successfully exploited, the remote code execution vulnerability can enable an attacker to take full control of the affected system
Windows XP infections are set to skyrocket as Microsoft finally ends support for its anti-malware and malicious software removal tool.
The updates address a denial-of-service vulnerability in Videoscape Distribution Suite for Internet Streaming and Videoscape Distribution Suite Service Broker.
The U.S. Department of the Interior received an Inspector General report that pointed out nearly 3,000 vulnerabilities in its system.
A recently patched vulnerability in Siemens energy automation systems could have allowed an attacker to gain unauthorized control of the device.
Mathy Vanhoef and Frank Piessens indicated that their technique is so effective that users may want to consider not using the RC4 encryption algorithm.
The update includes 25 security fixes for Oracle Java SE, and seven of the bugs received a CVSS Base Score score of 10.0.
With credit card data theft growing at an alarming rate and undermining consumer confidence, organizations are investing in their network security for PCI compliance - only to realize that being compliant does not mean they're protected against advanced cyberattacks.
Cyber-espionage group 'Pawn Storm' has been exploiting an unusual Java zero-day vulnerability to carry out drive-by-download attacks on a NATO country and US defence company, according to Trend Micro.
This month, Microsoft released four critical patches and 10 bulletins ranked "important."
The Flash Player updates are for Windows, Macintosh and Linux and address two critical bugs that were identified in the Hacking Team leaks.
United Airlines paid a security researcher one million air miles for finding vulnerability and submitting it to the airline's bug bounty program.
Both Adobe Flash Player vulnerabilities are being reported by security researchers as zero-day bugs that came out of the recent Hacking Team leaks.
A pair of security firms observed an uptick in Dyre infections with new variants exploiting a vulnerability already patched by Microsoft.
The National Telecommunications and Information Administration (NTIA) announced on Thursday plans to launch its first cybersecurity "multistakeholder process" with a focus on vulnerability disclosure.
According to ESET researchers, APT28 started using the Flash exploit on Wednesday, the same day Adobe released a patch for the issue.
Sign up to our newsletters
SC Magazine Articles
- Zero-day in Fiat Chrysler feature allows remote control of vehicles
- 'GSMem' malware designed to infiltrate air-gapped computers, steal data
- United reportedly hacked by same group that breached Anthem, OPM
- All smartwatches are vulnerable to attack, finds study
- Security concerns raised at Windows 10 roll-out
- NYU conference encourages women to pursue cybersecurity
- Modular Potao malware used to spy on targets in Ukraine, Russia
- GM says OnStar app flaw fixed, researcher says still exploitable
- TV5Monde in chaos as data breach costs roll into the millions
- Four McLean Hospital backup data tapes go missing, thousands affected