The Electronic Frontier Foundation obtained documents about the government's use of zero-days and its policy for when to disclose them.
A Kaspersky researcher found that the cryptocurrency's ledger can be used to store malware control mechanisms or provide access to illicit content.
The number of product vulnerabilities reported in 2014 jumped up 18 percent, according to research from Secunia.
A flaw in InnGate routers could allow an attacker to distribute malware to guests, monitor and record data sent over the network and possibly gain access to the hotel's reservation and keycard systems.
Four GE products and one MACTek product are impacted by the vulnerability, according to ICS-CERT.
Palo Alto Networks detailed a vulnerability in the way apps are saved on Android in a Tuesday blog post.
The flaw could have allowed an attacker to hijack any account and execute actions, including redeeming awards points for travel or hotel reservations.
Although a highly critical Drupal SQL injection vulnerability was patched nearly six months ago, attackers continue to successfully exploit websites that have failed to update their systems.
The two-day hacking competition ended on Thursday.
Although most IT professionals believe mobile apps in the workplace have increased security risks, less than half of organizations have a policy in place to define acceptable mobile app use.
OpenSSL Project issued multiple patches on Thursday to address security vulnerabilities, including two of "high" severity.
A misstep by an IT employee of Canadian communications conglomerate Rogers Communications allowed the contractual information of 50-70 of the company's business customers to be exposed via Twitter.
Researchers were able to exploit a hardware bug, called "rowhammer," to obtain kernel privileges.
The SSL/TLS vulnerability FREAK can be exploited to force an HTTPS connection to use weaker and, therefore, easier-to-crack encryption.
Apple released Safari 8.0.4, Safari 7.1.1, and Safari 6.2.4 for Mountain Lion, Mavericks, and Yosemite on Tuesday.
Bugcrowd partnered with Western Union to launch the company's public bug bounty program this past week.
The NCC Group's Cryptography Services confirmed its plans to launch an audit of OpenSSL earlier this week with the first results planned to come out this summer.
Scanning its registry of more than 10,000 services, Skyhigh Networks determined that 685 cloud services are still vulnerable to FREAK.
Windows, Macintosh and Linux users of the software are urged to update to the latest versions available.
Years after shipping its first patch for the vulnerability, the tech giant has attempted to plug the hole again.
The flaw could ultimately expose user data, saved to Dropbox through vulnerable third-party apps, to attackers.
The tech giant released five critical patches and nine important updates.
Researchers with Sucuri have identified a vulnerability in the MainWP Child plugin for WordPress, and they consider it a critical security risk.
Apple released its iOS 8.2 update on Monday to address the "FREAK" vulnerability, as well as to incorporate support for its new Apple Watch.
A Facebook login bug has gone unfixed for a year, according to a blog.
The Secure Socket Layer (SSL) protocol is under attack. In the last year, new vulnerabilities have been uncovered that allow malicious attackers to undermine the security that organizations put in place to protect themselves and their end users' sensitive information.
Adobe's new web application vulnerability disclosure program will reward researchers with a boosted reputation score on HackerOne.
The smartphone was verified to be a legitimate device by major smartphone distributor Xiaomi.
A researcher notified D-Link of vulnerabilities in one router, and D-Link then expanded the investigation to a number of other devices.
Last year, Microsoft introduced MemoryProtection (MemProtect), which helps deflect attacks leveraging use-after-free vulnerabilities.