Vulnerabilities

More Mac security updates to extinguish Flashback trojan

May 15, 2012

To further stop the spread of the Flashback trojan, Apple on Monday released two security updates for Mac OS X 10.5 (Leopard).
 

Bounties keep reported bug count low, but severity high

April 18, 2012

Researchers are focusing on higher-risk vulnerabilities more than ever thanks to an increased interest in selling their finds to legitimate buyers.
 

GAO calls on feds to better address supply chain risk

March 27, 2012

The GAO, which performs audits, evaluations and investigations on behalf of Congress, examined four agencies whose duties involve national security: the Energy, Homeland Security, Justice and Defense departments.
 

Mozilla releases patches for "critical" vulnerabilities in Firefox 11

March 16, 2012

Mozilla released patches for 12 vulnerabilities in Firefox 11, the newest version of its web browser.
 

Code surety: Secure by design

Deb Radcliff March 01, 2012

More-than-decade-old bugs still plague web applications, and the challenge is only growing for programs migrating to the cloud. But new frameworks and heightened awareness can mitigate the threat.
 

Out-of-band fix for Adobe Reader security issue coming Friday

December 15, 2011

An out-of-cycle patch is coming to fix a flaw in Adobe Reader and Acrobat 9 for Windows.
 

Chrome 16 includes 15 vulnerability fixes

December 14, 2011

Google on Tuesday released Chrome 16, which includes fixes for 15 security vulnerabilities.
 

"Critical" Microsoft security bugs at lowest level since 2005

December 14, 2011

Microsoft officials credit more robust software security design with a diminished number of bugs garnering the tech giant's most severe rating.
 

Oracle updates Java, Adobe patches ColdFusion

December 13, 2011

An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
 

"Significant" security threats found in Android devices

December 02, 2011

Android phones from leading manufacturers -- including HTC, Motorola and Samsung -- contain pre-loaded applications that do not properly enforce the platform's permission-based security model.
 

Microsoft releases four security patches, one critical

November 08, 2011

Microsoft on Tuesday patched one "critical" vulnerability, plus three other less-severe flaws. Not patched, as expected, is a bug related to the Duqu trojan.
 

Apple kicks bug hunter out of its developer program

November 08, 2011

Apple booted famed researcher Charlie Miller from its developer program after he created an iPhone app that exploits a code-execution vulnerability.
 

Thousands of WordPress sites sucked into BlackHole

Darren Pauli, editor, SC Magazine, Australia/New Zealand November 01, 2011

Hackers have compromised a huge number of sites hosting WordPress blogs because of a vulnerable image script.
 

Facebook to extend bug bounty program

November 01, 2011

At some point in the future, Facebook plans to begin asking researchers to review code that has not yet been released, according to Joe Sullivan, CSO at Facebook.
 

The bug hunt

November 01, 2011

Recognizing their code bases contain weaknesses and are prime targets for attackers, software companies such as Facebook are beginning to view the research community as more friend than foe.
 

Oracle patches "Apache Killer" flaw in HTTP Server

September 16, 2011

A vulnerability could allow attackers to crash Oracle HTTP Server products based on Apache 2.0 or 2.2.
 

Zero-day holes found in Blackboard platform

Darren Pauli, editor, SC Magazine, Australia/New Zealand edition September 16, 2011

Vulnerabilities in the Blackboard Learn platform have the potential to affect millions of school and university students and thousands of institutions around the world.
 

Adobe issues critical updates for Flash, Shockwave

August 10, 2011

Critical updates were released for Adobe Flash Player, Flash Media Server, Shockwave Player and Photoshop CS5.
 

Zero-day flaw affects popular WordPress image utility

August 02, 2011

Hackers are exploiting a zero-day vulnerability affecting an image resizing utility, possibly impacting a large number of WordPress sites.
 

Facebook offers $500 bounty for security bugs

August 01, 2011

The company joins several other high-profile web brands by providing awards to researchers who privately disclose flaws, such as cross-site scripting.
 

DHS unveils new programs for software security

June 27, 2011

Software buyers may soon have access to more secure offerings, thanks to a new scoring system that will allow end-users to demand more assurance.
 

Apple updates Snow Leopard, preps for Lion

June 24, 2011

Apple on Thursday released an update to Mac OS X Snow Leopard (10.6), closing multiple vulnerabilities that could allow an attacker to run malicious code on an affected system.
 

Standardized vulnerability reporting framework unveiled

May 17, 2011

The new Common Vulnerability Reporting Framework (CVRF) was designed to provide a common method for the creation, dissemination and consumption of security vulnerability data.
 

Adobe to fix zero-day Flash vulnerability this week

April 14, 2011

Adobe is set to release an emergency update on Friday to its Flash Player for Windows, Mac, Linux and Solaris, shoring up a zero-day vulnerability disclosed earlier this week. Users of Flash for Google Chrome will receive the update on Thursday via the browser's auto-update mechanism. Attackers are actively exploiting the flaw under the guise of a legitimate Microsoft Word document, Adobe has warned. The company expects to provide an update no later than the week of April 25 for Adobe Acrobat X and earlier for Windows and Mac, Adobe Reader X for Mac and Adobe Reader 9.4.3 and earlier for Windows and Mac. Adobe Reader X for Windows is expected to be updated with the next quarterly release, scheduled for June 14.
 

Microsoft's April patch batch to address 64 flaws

April 07, 2011

Microsoft's planned security update for next week likely will include a fix for a vulnerability that is being actively exploited.
 

Number of reported vulnerabilities spiked in 2010

April 06, 2011

System flaws and exploits dramatically jumped last year, but the news is not all bad, as many of the bugs were discovered by their creators.
 

McAfee working to fix XSS, information disclosure flaws

March 29, 2011

McAfee's website suffers from a number of vulnerabilities, which could allow cross-site scripting (XSS) attacks and information disclosure, researchers warned this week.
 

Oracle patches 21 vulnerabilities in Java

February 18, 2011

In its February Critical Patch Update (CPU) released this week, Oracle is patching 21 vulnerabilities across its popular Java SE and Java for Business products. In a release, the company said 19 of the Java flaws affecting the Java Runtime Environment could be exploited remotely in network attacks without needing a username and password. Eight of the patches come with the highest rating on the Common Vulnerability Scoring System (CVSS). Oracle is "strongly" urging customers to apply the new fixes, as well as previous patches, as soon as possible. - GM
 

Microsoft kicks off 2011 with light patch load

January 11, 2011

Tuesday's security update comprises two fixes for three vulnerabilities, but it does not address two publicly known flaws.
 

Microsoft upset over Google researcher's tool release

January 03, 2011

A potentially exploitable zero-day vulnerability in Internet Explorer, detailed by a Google researcher who created a fuzzing tool to find browser flaws, is under investigation by Microsoft.