Vulnerabilities

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

New website calls out sites, apps, lacking security

HTTP Shaming was created by a security consultant to call out apps and web services that put user information at risk.

Vulnerability exploited by Stuxnet still a threat

Despite a patch issued four years ago, a vulnerability in XP, Vista, Windows 7 and Windows Server 2001/2008 is still a threat.

Apple's Safari browser updates available following bug fixes

Apple has released versions 6.1.6 and 7.0.6 of its Safari browser following patched vulnerabilities recently discovered by its researchers.

SOHOpelessly contest at DefCon yields 15 router flaws

In a multi-challenge contest security researchers uncovered vulnerabilities and hacked into routers at the DefCon conference in Las Vegas.

Adobe plugs critical Flash Player vulnerabilities

On Tuesday, Adobe released fixes for seven critical bugs in its Flash Player plug-in.

On Patch Tuesday, Microsoft releases nine patches for 37 bugs

The tech giant's monthly security update includes two critical patches for IE and Windows.

DefCon: Bug bounty programs continue to evolve

At DefCon 22 in Las Vegas, Nir Valtman discussed how far bug bounty programs have come in nearly 20 years.

DefCon: You cannot 'cyberhijack' an airplane, but you can create mischief

In a session at DefCon 22, speakers explained that it is not possible to hack a plane and take control of the aircraft, but creating some mischief is still possible.

DefCon: Traffic control systems vulnerable to hacking

Cesar Cerrudo spoke at DefCon about how traffic control systems used in the U.S. and other countries can be hacked.

Black Hat 2014: Experts demo badUSB proof-of-concept tools

A wide range of devices rely on USB to make them usable, but USB contains vulnerabilities that attackers can exploit.

Microsoft previews nine bulletins, critical fixes for Windows, IE ahead

Two critical fixes from the tech giant will plug RCE bugs impacting Windows and IE users.

Black Hat: SAP systems vulnerable to payment card theft, rerouting payments

At Black Hat 2014, Ertunga Arsal demonstrated how he can gain admin access to SAP systems, steal payment card data and reroute payments.

Black Hat: Hackers execute code on mobile POS devices, play their version of Flappy Bird

Two hackers demonstrated how device vulnerabilities could allow attackers to access sensitive card data using multiple attack vectors.

Black Hat: Researchers hack into Cisco EnergyWise

Vulnerabilities in EnergyWise could let attackers cause huge blackouts if abused.

Vulnerabilities in WordPress and Drupal enable DoS attacks

A researcher has discovered vulnerabilities in WordPress and Drupal that enable XML denial-of-service attacks.

Researcher discusses dynamic analysis of Flash files

In this video, F-Secure's Timo Hirvonen chats with Adam Greenberg, reporter at SC Magazine, about the project, as well as the threats aimed at Flash and Java vulnerabilities.

Analyzing the 'Fake ID' Android vulnerability

In this video shot at Black Hat 2014 in Las Vegas, Jeff Forristal of Bluebox Security sits with Danielle Walker, reporter at SC Magazine, to discuss the Fake ID Android vulnerability.

Black Hat: Airport security equipment at risk

Bugs in trace detection scanners, x-ray machines and time and attendance clocks could make them vulnerable to attack, according to experts at this year's Black Hat conference.

Black Hat: Hidden controls open 2 billion mobile devices to exploitation

A pair of researchers from Accuvant at the 2014 Black Hat conference showed how the OMA-DM protocol can be leveraged to gain access to mobile devices.

PayPal addressing another two-factor authentication bypass

An Australian researcher has discovered and posted a method for getting past PayPal's two-factor authentication, but it requires primary credentials.

PittyTiger spearphishing campaign speaks multiple languages

A threat group operating out of China continues its damage using older exploits, FireEye researchers said.

Attackers compromise Gizmodo Brazil

Trend Micro is investigating whether a vulnerability was used to compromise Gizmodo Brazil and a logistics firm hosted by the same ISP.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.

Symantec Endpoint Protection vulnerabilities enable privilege escalation

Vulnerabilities existing in Symantec Endpoint Protection can be exploited to escalate privileges, perhaps resulting in a complete Windows domain takeover.

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote that the Instagram apps for iOS and Android are vulnerable to session hijacking because both send unsecured information through HTTP.

HP tests 10 popular IoT devices, most raise privacy concerns

In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.

Vulnerability impacting multiple versions of Android could enable device takeover

Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.

Bug in MailPoet plugin exploited to compromise thousands of WordPress sites

Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.

Hackers only need to get it right once, we need to get it right every time

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.
