Vulnerabilities

Tapping global threat intelligence to secure enterprise networks

On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector.

Mitigating employee risk - Keep hires from starting fires

Employees are an organization's greatest asset and greatest risk. With a single click an employee can devastate a business by transferring or damaging huge amounts of data.

Ground system for weather satellites contains thousands of 'high-risk' bugs

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system is released.

IBM projects 2014 bug disclosures may hit three-year low

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.

Researchers warn of backdoor in Netis, Netcore routers

The routers are sold in China under the Netcore brand name, and elsewhere as Netis products.

Hack exposes Secret app confessions

Anonymous confessions posted on a popular app, called "Secret," were susceptible to being exposed via a hack.

FireEye examines popular Google Play apps, 68 percent have SSL flaws

The firm analyzed 1,000 free apps in Google Play which were most downloaded by users.

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

New website calls out sites, apps, lacking security

HTTP Shaming was created by a security consultant to call out apps and web services that put user information at risk.

Vulnerability exploited by Stuxnet still a threat

Despite a patch issued four years ago, a vulnerability in XP, Vista, Windows 7 and Windows Server 2001/2008 is still a threat.

Apple's Safari browser updates available following bug fixes

Apple has released version 6.1.6 and 7.0.6 of its Safari browser following patched vulnerabilities recently discovered by its researchers.

SOHOpelessly contest at DefCon yields 15 router flaws

In a multi-challenge contest, security researchers uncovered vulnerabilities and hacked into routers at the DefCon conference in Las Vegas.

Adobe plugs critical Flash Player vulnerabilities

On Tuesday, Adobe released fixes for seven critical bugs in its Flash Player plug-in.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

The tech giant's monthly security update includes two critical patches for IE and Windows.

DefCon: Bug bounty programs continue to evolve

At DefCon 22 in Las Vegas, Nir Valtman discussed how far bug bounty programs have come in nearly 20 years.

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Traffic control systems vulnerable to hacking

Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.

Black Hat 2014: Experts demo badUSB proof-of-concept tools

A wide host of devices rely on USB to make them usable but USB contains vulnerabilities that attackers can exploit.

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.

Black Hat: SAP systems vulnerable to payment card theft, rerouting payments

At Black Hat 2014, Ertunga Arsal demonstrated how he can gain admin access to SAP systems, steal payment card data and reroute payments.

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.

Black Hat: Researchers hack into Cisco EnergyWise

Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.

Vulnerabilities in WordPress and Drupal enable DoS attacks

A researcher has discovered vulnerabilities in WordPress and Drupal that enable XML denial-of-service attacks.

Researcher discusses dynamic analysis of Flash files

In this video, F-Secure's Timo Hirvonen chats with Adam Greenberg, reporter at SC Magazine, about the project, as well as the threats aimed at Flash and Java vulnerabilities.

Analyzing the 'Fake ID' Android vulnerability

In this video shot at Black Hat 2014 in Las Vegas, Jeff Forristal of Bluebox Security sits with Danielle Walker, reporter at SC Magazine, to discuss the Fake ID Android vulnerability.

Black Hat: Airport security equipment at risk

Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.

PayPal addressing another two-factor authentication bypass

An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.
