Vulnerabilities

Documents on NSA's zero-day policy provide little insight, EFF says

The Electronic Frontier Foundation obtained government documents about its use of zero-days and its policy for when to disclose them.

Bitcoin blockchain exploitation could allow for malware spreading

A Kaspersky researcher found that the cryptocurrency's ledger can be used to store malware control mechanisms or provide access to illicit content.

Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014

The number of product vulnerabilities reported in 2014 jumped up 18 percent, according to research from Secunia.

Vulnerability found in popular hotel routers

A flaw in InnGate routers could allow an attacker to distribute malware to guests, monitor and record data sent over the network, and possibly gain access to the hotel's reservation and keycard systems.

GE, MACTek update products using vulnerable HART DTM library

Four GE products and one MACTek product are impacted by the vulnerability, according to ICS-CERT.

Android vulnerability leaves apps open to malicious overwriting

Palo Alto Networks detailed a vulnerability in the way apps are saved on Android in a Tuesday blog post.

Vulnerability found in Hilton HHonors Awards system

The flaw could have allowed an attacker to hijack any account and execute actions, including redeeming awards points for travel or hotel reservations.

Drupal SQL injection vulnerability attacks persist, despite patch release

Although a highly critical Drupal SQL injection vulnerability was patched nearly six months ago, attackers continue to successfully exploit websites that have failed to update their systems.

Researchers earn $442,500 at Pwn2Own 2015

The two-day hacking competition ended on Thursday.

Study: Mobile app security risk well-known, but enterprises lack proper usage policy

Although most IT professionals believe mobile apps in the workplace have increased security risks, less than half of organizations have a policy in place to define acceptable mobile app use.

OpenSSL Project issues 12 patches in Thursday update

OpenSSL Project issued multiple patches on Thursday to address security vulnerabilities, including two of "high" severity.

Rogers victimized by ransomware

A misstep by an IT employee of Canadian communications conglomerate Rogers Communications allowed the contractual information of 50-70 of the company's business customers to be exposed via Twitter.

Google Project Zero exploit 'rowhammer' hardware bug

Researchers were able to exploit a hardware bug, called "rowhammer," to obtain kernel privileges.

FireEye scans popular Android and iOS apps, nearly 2K vulnerable to FREAK

The SSL/TLS vulnerability FREAK can be exploited to force an HTTPS connection to use weaker and, therefore, easier to crack encryption.

Apple releases Safari updates

Apple released Safari 8.0.4, Safari 7.1.1, and Safari 6.2.4 for Mountain Lion, Mavericks, and Yosemite on Tuesday.

Western Union launches bug bounty program with Bugcrowd

Bugcrowd partnered with Western Union to launch the company's public bug bounty program this past week.

Cryptography Services launches security audit for OpenSSL

The NCC Group's Cryptography Services confirmed its plans to launch an audit of OpenSSL earlier this week with the first results planned to come out this summer.

More than 600 cloud services still vulnerable to FREAK, data shows

Scanning its registry of more than 10,000 services, Skyhigh Networks determined that 685 cloud services are still vulnerable to FREAK.

Adobe issues patches addressing 11 vulnerabilities in Flash Player

Windows, Macintosh and Linux users of the software are urged to update to the latest versions available.

Microsoft tries, again, to plug Stuxnet attack path

Years after shipping its first patch for the vulnerability, the tech giant has attempted to plug the hole again.

Serious bug in Dropbox SDK for Android disclosed by IBM

The flaw could ultimately expose user data, saved to Dropbox through vulnerable third-party apps, to attackers.

Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks

The tech giant released five critical patches and nine important updates.

Bug in WordPress plugin can be exploited to take full control of website

Researchers with Sucuri have identified a vulnerability in the MainWP Child plugin for WordPress, and they consider it a critical security risk.

Apple releases iOS 8.2, addresses 'FREAK' flaw

Apple released its iOS 8.2 update on Monday to address the "FREAK" vulnerability, as well as to incorporate support for its new Apple Watch.

Facebook login bug lets attackers hijack accounts on Mashable, other sites

A Facebook login bug has gone unfixed for a year, according to a blog.

Understanding SSL best practices

The Secure Sockets Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allow malicious attackers to undermine the security that organizations put in place to protect themselves and their end users' sensitive information.

Adobe's new bug bounty program rewards researchers with HackerOne rep scores

Adobe's new web application vulnerability disclosure program will reward researchers with a boosted reputation score on HackerOne.

Pre-loaded malware found on Xiaomi Mi 4 device, among other issues

The smartphone was verified to be a legitimate device by major smartphone distributor Xiaomi.

D-Link issues firmware updates to address router vulnerabilities

A researcher notified D-Link of vulnerabilities in one router, and D-Link then expanded the investigation to a number of other devices.

IE exploit added to Angler EK, beats MemProtect mitigation

Last year, Microsoft introduced MemoryProtection (MemProtect), which helps deflect attacks leveraging use-after-free vulnerabilities.
