Vulnerabilities

Understanding SSL best practices

The Secure Sockets Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allow malicious attackers to undermine the security that organizations put in place to protect themselves and their end users' sensitive information.

Top Android tablets for children riddled with security lapses, study finds

Bluebox Security analyzed the top nine Android tablets for children and found that the majority had multiple security issues that could put children's data at risk.

PlugX APT group uses backdoor in India campaign

A five-month-long campaign against organizations in India shows the group is active and evolving, SophosLabs reports.

Firm finds 'high risk' bugs in SAP BusinessObjects software

The enterprise software flaws could allow attackers to access customer data, financial info and other critical data at companies.

Google cancels annual Pwnium competition to accept year-round bug discoveries

Pwnium, an annual Google bug bounty event, is being canceled and replaced by rewards given out throughout the year.

Google Cloud Security Scanner released in beta

Google is providing developers with a multipipe approach to scanning applications for security flaws.

FireEye shares details on 'Masque Attack II' affecting iOS devices

Masque Attack II entails bypassing an iOS prompt for trust and app URL scheme hijacking, FireEye said.

Netgear router issues could allow auth bypass, info disclosure

A researcher disclosed details on the vulnerability, which affects several Netgear router models.

Lenovo PCs shipped with 'Superfish,' adware that opens users to MitM attacks

After facing backlash, Lenovo removed the software from its computers.

Facebook pays researcher $12,500 for discovering photo bug

A techie in India discovered a vulnerability that allowed him to delete victims' Facebook photos and albums.

Popular dating apps tested, over 60 percent have medium to severe flaws

Findings from IBM serve as a reminder this Valentine's Day to boost mobile security efforts, even when dealing with apps from so-called "trusted" marketplaces.

Forbes.com attackers exploited zero-days in Flash, IE

Security researchers said the attack was likely the work of a Chinese espionage group aiming to penetrate the systems of financial services and defense contracting firms.

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

It took Microsoft a year to patch the critical Windows bug allowing remote code execution (RCE).

Researchers identify buffer overflow vulnerability in Advantech device

Core Security researchers said that the vulnerability in EKI-1221D can be exploited remotely by attackers to execute arbitrary code.

Researchers analyze Bedep malware linked to Flash Player attacks

In various campaigns, attackers have exploited Flash bugs to spread the malware, Trend Micro found.

Zero-day bug identified in popular FancyBox WordPress plugin

The developers of FancyBox have issued a patch to address the bug, which was actively being exploited in the wild.

Report compares exploit skills of APT actors, other malware groups

A technical paper challenges the misconception that APT groups are inevitable "masters of exploitation."

Hacker commandeers baby monitor, terrifies nanny

A Houston nanny got an IT security reality check this past week when an anonymous voice came through the baby monitor of the child she was watching.

Understanding web bots and how they hurt your organization

The internet is literally crawling with bots. Millions of them scour the farthest reaches of the internet every day, indexing content, testing connections, and making the web more useful overall.

Apple fixes 33 security bugs with iOS 8.1.3 update

Apple fixed a number of flaws with its latest iOS update and improved stability and performance.

Google launches Vulnerability Research Grants program

The new program will be rewarding security researchers for discovering vulnerabilities before they even begin their research.

Tidal waves of spoofed traffic: DDoS attacks

Recent takedowns of Sony and Xbox networks prove that no matter how large the entity, they can be knocked offline.

Russian dating site rewards hacker for amassing email database and 'discovering vulnerability'

After 20 million of its dating site users' email addresses were put up for sale online, Topface tracked down the hacker behind the amassed database and paid him "an award for finding a vulnerability."

xHamster malvertising campaign exploits Adobe zero-day

The number of infections for a malvertising campaign originating on an adult website rose by 1500 percent in a two-day period.

GitHub raises max bug bounty award to $10K

The source code sharing website will up its maximum payout from $5,000 to $10,000 in its bug bounty program's second year.

The ying and the yang of cloud security: Detection & incident response

While the cloud has fundamentally changed the way we do business, it has left organizations feeling vulnerable to attacks. Enterprise security architectures are being extended to include data security for the cloud.

'GHOST' bug in Linux library enables remote takeover of victim's system

Qualys has identified a buffer overflow vulnerability in the Linux GNU C Library that, if exploited, could enable an attacker to remotely take complete control of a victim's system.

Researcher commandeers drone through Maldrone backdoor

A security engineer from Citrix demonstrated the Maldrone malware that he built as a backdoor to control drones.

Marriott fixes Android app issue that may have exposed personal data

The hotel chain has addressed a weakness in its Marriott International Android app that could have allowed attackers to access customer data, including credit card information.

Adobe releases another Flash zero-day fix

The use-after-free vulnerability was being exploited in drive-by-download attacks, Adobe warned.
