A server not upgraded with two-factor authentication is the likely way hackers got into JPMorgan's system, the New York Times reported.
Vulnerabilities in Signaling System 7 make it possible for anyone to listen in on phone calls and read text messages, even if encrypted.
An advisory is warning all users of GitHub for Windows and GitHub for Mac to update their clients as soon as possible.
Palo Alto Networks Unit 42 researchers have identified the backdoor on numerous devices, so far leaving more than 10 million users vulnerable.
The vulnerability can enable attackers to steal credentials and personal and business data, as well as infect machines with malware.
The rigidity of web application security controls has left the enterprise vulnerable to data breach.
As we all gear up for the holidays with plans to purchase any number of items online, cyberthieves too are gearing up with more and more creative ways to steal money, credentials and critical data from any number of organizations.
Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.
Attackers exploiting a bug in the Slider Revolution plugin to compromise WordPress websites with malware may also be targeting zero-day vulnerabilities in Firefox and Internet Explorer 11.
A URL flaw that impacts mobile boarding passes for airlines, such as Southwest and Delta, was discovered on Tuesday.
A researcher identified a cross-site scripting vulnerability affecting the Citibank website, which has yet to be patched.
WordPress websites are being infected with malware through a previously disclosed vulnerability in the Slider Revolution plugin.
BlackEnergy malware may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November.
In a class-action suit filed in federal court, a father-daughter duo accuses Comcast of using their routers to create public Wi-Fi hotspots, increasing their electricity costs and leaving them vulnerable to security issues.
Security researchers believe there are more than 30 vulnerabilities present in the development and hosting platform.
Google has taken steps to diminish the POODLE threat by "killing off SSLv3," but now the flaw threatens Transport Level Security.
Researchers have uncovered XSS vulnerabilities at the travel and car service sites.
A vulnerability in Adobe's Flash Player was not included in its pre-notification security advisory Friday, and is currently being targeted by attackers.
U.S. Senator Ron Wyden introduced the Secure Data Act on Thursday to prohibit federal agencies from mandating that backdoors and other security vulnerabilities be built into U.S. software and electronics.
Upon its release, Windows and Microsoft users are urged to update the software to address the vulnerabilities that have been given a priority rating of "1".
IBM researchers discovered a vulnerability in social login identity providers and their relying websites that left legitimate accounts open to attackers' control.
A Sucuri researcher found a vulnerability that could allow a malicious attacker to take over a user's sites and put them into maintenance mode.
Google issued a Lollipop 5.0.1 update that addresses a bug that could prompt an Android device to reset, deleting files and data.
Any number of industry pundits have noted the prevalence of major vulnerabilities this year, especially when accounting for Heartbleed, Shellshock and POODLE.
The Monday release of Firefox 34 provides fixes for several vulnerabilities and also disables support for SSL 3.0.
Wang Jing wrote that the The Weather Channel's site used URLS to create its tags without filtering malicious script codes, which left them vulnerable to attack.
The latest update of the software provides futher hardening against a vulnerability that was mitigated in the Oct. 14, 2014 release.
The group, APT3, is also believed to be behind Operation Clandestine Fox, which used social engineering to lure victims into installing malware.
Security firm Zimperium detected attacks in the wild over the past six to eight months.
A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.
Sign up to our newsletters
SC Magazine Articles
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- Report: SS7 flaws enable listening to cell phone calls, reading texts
- White House calls Sony hack a "serious national security matter," gov't mulls proper response
- The problem with Big Data
- Solo attacker likely responsible for phishing campaign, delivering Zeus variant