Vulnerabilities

Understanding web bots and how they hurt your organization

The internet is literally crawling with bots. Millions of them scour the farthest reaches of the internet every day, indexing content, testing connections, and making the web more useful overall.

Russian dating site rewards hacker for amassing email database and 'discovering vulnerability'

After 20 million of its dating site users' email addresses were put up for sale online, Topface tracked down the hacker behind the amassed database and paid him "an award for finding a vulnerability."

xHamster malvertising campaign exploits Adobe zero-day

The number of infections for a malvertising campaign originating on an adult website rose by 1500 percent in a two-day period.

GitHub raises max bug bounty award to $10K

The source code sharing website will up its maximum payout from $5,000 to $10,000 in its bug bounty program's second year.

The ying and the yang of cloud security: Detection & incident response

While the cloud has fundamentally changed the way we do business, it has left organizations feeling vulnerable to attacks. Enterprise security architectures are being extended to include data security for the cloud.

'GHOST' bug in Linux library enables remote takeover of victim's system

Qualys has identified a buffer overflow vulnerability in the Linux GNU C Library that, if exploited, could enable an attacker to remotely take complete control of a victim's system.

Researcher commandeers drone through Maldrone backdoor

A security engineer from Citrix demonstrated the Maldrone malware that he built as a backdoor to control drones.

Marriott fixes Android app issue that may have exposed personal data

The hotel chain has addressed a weakness in its Marriott International Android app that could have allowed attackers to access customer data, including credit card information.

Adobe releases another Flash zero-day fix

The use-after-free vulnerability was being exploited in drive-by-download attacks, Adobe warned.

Apple readies Thunderstrike fix for upcoming OS X release

The Yosemite 10.10.2 release will address the vulnerability that can be exploited via a Mac's Thunderbolt port, in addition to three recently disclosed Project Zero vulnerabilities.

Report: Most U.S. weapons programs contain 'significant vulnerabilities'

The head weapons tester at the Pentagon has released a report that indicates a slew of vulnerabilities affecting Department of Defense networks.

Fuel tank gauges vulnerable to attackers

More than 5,000 ATGs nationwide are vulnerable to attack through exposed serial port interfaces.

Adobe plugs Flash zero-day, investigates separate exploit reports

Adobe said it is aware of reports that an exploit for the bug exists.

Insecure dongle reportedly puts more than two million U.S. vehicles at risk

The dongle that is used by Progressive Insurance and is deemed insecure is used in more than two million vehicles in the U.S.

FiOS mobile app vulnerability put all Verizon email accounts at risk

Verizon has fixed a critical vulnerability in its My FiOS app that made it possible to read and send messages from any Verizon user's email account.

GoDaddy patches CSRF bug discovered by security researcher

After discovering the bug, security researcher Dylan Saccomanni reached out to the domain registrar, which updated its CSRF protection on Monday.

HITRUST forms working group for medical device, health system security

The mission of the working group will be to enhance health information technology (HIT) security.

Several vulnerabilities addressed in Firefox 35, some deemed critical

Numerous Firefox vulnerabilities, some deemed critical, have been addressed by Mozilla in the latest release of its web browser.

Researcher builds $10 spy tool disguised as wall charger

The KeySweeper device leverages a vulnerability in Microsoft wireless keyboards and can sniff, decrypt and log all keystrokes.

Google drops security updates for WebKit in Android 4.3, below

Google has killed security updates for WebKit in earlier Android versions, leaving nearly a billion users at risk.

Adobe update patches nine vulnerabilities, critical bugs in Flash Player

Adobe Flash Player and AIR users are urged to update to the latest versions of the software after a total of nine flaws have been patched.

Moonpig vulnerability exposes customers' personal information

Moonpig, a customizable greeting card company, had 3 million customers' personal information exposed after a developer detailed a security vulnerability online.

Google publishes Windows 8.1 flaw details before patch is issued

Google's "Project Zero" team discovered an elevation of privilege flaw in Windows 8.1 and detailed the vulnerability online, 90 days after alerting Microsoft.

Apple patches iCloud vulnerability exploited by iDict hacking tool

Apple apparently has patched a vulnerability that could be easily exploited by the iDict hacking tool released on New Year's Day.

Weak server entry point in JPMorgan Chase breach

A server not upgraded with two-factor authentication is the likely way hackers got into JPMorgan's system, the New York Times reported.

Report: SS7 flaws enable listening to cell phone calls, reading texts

Vulnerabilities in Signaling System 7 make it possible for anyone to listen in on phone calls and read text messages, even if encrypted.

Git client discloses critical security vulnerability

An advisory is warning all users of GitHub for Windows and GitHub for Mac to update their clients as soon as possible.

Researchers find 'CoolReaper' backdoor in CoolPad devices

Palo Alto Networks Unit 42 researchers have identified the backdoor on numerous devices, so far leaving more than 10 million users vulnerable.

Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk

The vulnerability can enable attackers to steal credentials and personal and business data, as well as infect machines with malware.

Closing the web app data security gap: Dynamic data masking for web applications

The rigidity of web application security controls has left the enterprise vulnerable to data breach.
