Vulnerabilities

Hackers only need to get it right once, we need to get it right every time

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Facebook scam leads victims to Nuclear exploit kit

Researchers at Symantec say attackers are becoming more aggressive and using Facebook scams to exploit users' computers.

Firefox 31 plugs critical memory safety bugs

In total, Firefox 31 brings 11 patches for several flaws affecting the web browser.

Wall Street Journal website vulnerable to SQL injection, gets hacked

The Wall Street Journal confirmed on Tuesday that an outside party exploited a vulnerability and hacked into its new graphics systems.

Siemens industrial products impacted by four OpenSSL vulnerabilities

The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.

Qihoo team cracks Tesla's Model S car, reportedly earns $10K

The SyScan +360 conference offered a $10,000 prize to anyone who uncovered vulnerabilities in Tesla's Model S car, which the automaker vowed to fix.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.

Severe RCE vulnerability affects several Cisco products

An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.

Oracle releases 113 bug fixes in Critical Patch Update

The most critical flaws were in Java and Oracle Database Server.

When it comes to cyber attacks, predictions are pointless but preparation is key

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.

Active Directory flaw opens enterprise services to unauthorized access

Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.

Apple blocks outdated Flash plug-ins to ward off Rosetta Flash attacks

Apple published a security notice saying that older versions of Adobe Flash contain vulnerabilities that can be exploited by Rosetta Flash.

Kaspersky quickly addresses XSS flaw impacting company website

A cross-site scripting flaw impacting a Kaspersky website was quickly addressed by the security software company.

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.

Researcher identifies XSS bug impacting Kaspersky website

A cross-site scripting vulnerability identified on the Kaspersky website could enable an attacker to steal a variety of data.

Microsoft addresses 29 bugs in IE, Windows, with six bulletins

In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.

HotelHippo shuts down permanently after security flaws discovered

HotelStayUK shut down its HotelHippo booking site for good amidst assurances that other sites in the group are unaffected by security woes.

Microsoft plans six Patch Tuesday fixes, RCE bugs in 'critical' batch

Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.

EFF sues NSA in bid for records related to Heartbleed disclosure

Frustrated by the NSA dragging its heels on a FOIA request, the EFF takes the NSA to court to secure records on vulnerabilities disclosure criteria.

HotelHippo offline after security pro finds flaws

A HotelHippo customer who happens to be a security consultant found multiple security flaws when he tried to book accommodations.

Netflix goes open-source with AWS security tool

Dubbed Security Monkey, the latest tool is now available on the company's GitHub site for developers that utilize Amazon Web Services.

Apple updates address flaws in Mavericks, Safari, iOS, and Apple TV

Apple addressed various vulnerabilities in Mavericks, Safari, iOS and Apple TV, several of which can enable arbitrary code execution.

Google patches buffer overflow flaw in Android KeyStore service

The serious buffer overflow vulnerability affects Android 4.3, or devices running Jelly Bean.

Defense in depth: Why the Heartbleed bug is a major wake-up call

There is no reasonable doubt that a defense-in-depth strategy makes it substantially more difficult for cyber criminals to obtain sensitive information.

AskMen.com changes original statement, says readers were exposed to malware

AskMen.com changes its original statement and reveals that roughly 0.1 percent of its readers were exposed to malware.

RCE vulnerability in TimThumb's WebShot feature puts WordPress users at risk

The WebShot feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, is affected by a remote code execution vulnerability.

PayPal addresses two-factor authentication bypass

A vulnerability exists that allows anyone with legitimate account credentials to bypass two-factor authentication on some of PayPal's mobile applications.

Tech savvy homeowners expect connected homes, worry about privacy, breaches

A survey finds that homeowners, particularly in India, are concerned about privacy and breaches as the Internet of Things becomes a reality.

2012 RCE bug is still highly exploited in targeted attacks, Trend Micro finds

A patch was issued for CVE-2012-0158 in April 2012, but Trend Micro found that it is the most commonly exploited vulnerability related to targeted attacks in the second half of 2013.

LinkedIn accounts can easily be taken over if HTTPS is not always enabled by default

LinkedIn users that do not have HTTPS always enabled by default are at risk of having their accounts taken over in a man-in-the-middle attack.
