Vulnerabilities

Mobile madness

More and more corporate activities are being undertaken by employees depending on iPhones, iPads, laptops and other mobile devices.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 within hours

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.

Watering hole attacks: Detect end-user compromise before the damage is done

Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks.

Latest Ebola-themed phish leverages unpatched Windows bug

The bug, CVE-2014-6352, has a temporary solution, but still no permanent fix from Microsoft.

Heartbleed, Shellshock and POODLE: The sky is not falling

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

DHS investigates possible vulnerabilities in medical devices, report indicates

Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

PHP vulnerabilities patched

Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.

Vulnerabilities addressed in Apple TV 7.0.1, iOS 8.1 updates

The iOS 8.1 update comes with a fix to a vulnerability known as POODLE, which can enable an attacker to decrypt data protected by SSL.

Apple OS X Yosemite contains bug fixes, Security Update also released

Apple OS X Yosemite includes fixes for more than 40 vulnerabilities, including POODLE and Shellshock.

FireEye pegs top Java exploits and EKs using them

A report details the three most commonly exploited Java bugs affecting users.

Updates, changes to security, could lessen POODLE's bite

Security pros urge operators and users to nix support for the popular, but antiquated, SSL v3.0.

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?

Drupal core contains 'highly critical' SQL injection vulnerability

Upgrading to Drupal core 7.32 will address the vulnerability, which could lead to privilege escalation and arbitrary PHP execution if exploited.

POODLE exploits SSL 3.0 fallback

Researchers at Google have discovered a flaw in SSL 3.0 that allows attackers to exploit the popular cryptography protocol and intercept communications.

Shellshock used to amass botnet and execute phishing campaign

Researchers found that the botnet contained 360 bots and was used to target Spanish-speaking Citibank customers.

Malicious ads on YouTube direct users to Sweet Orange exploit kit

The campaign targeted users running vulnerable versions of Internet Explorer.

Adobe fixes Flash Player, ColdFusion flaws

Adobe addressed nine Flash Player flaws in three CVEs, giving four bugs the company's highest priority rating.

On Patch Tuesday, Microsoft plugs 24 bugs, including three zero-days

For the month of October, the tech giant released eight patches, including three critical fixes.

Zero-day attackers exploit Windows kernel, Patch Tuesday brings fix

FireEye researchers say that two zero-day flaws were used in separate, unrelated attacks.

Faulty UBC software exposed student financial information

Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.

Microsoft schedules nine bulletins for Patch Tuesday update

Out of the nine bulletins, three will address critical RCE bugs in its products.

Cisco addresses numerous vulnerabilities in ASA software

Many of the vulnerabilities can lead to a denial-of-service condition, but others could result in a full compromise of the affected system.

Google shells out $75K in bug bounties for Chrome 38 release

Google has paid more than $75,000 in bug bounties to security researchers who helped discover flaws patched in its recent release of Chrome 38.

Apple iOS 8 bug reportedly deleting iWork docs

MacRumors forum users are reporting that the bug is deleting their iCloud documents, and in some cases, the docs could be permanently lost.

What You Need to Know about Securing Access to Your Private Cloud

Moving enterprise apps to the cloud is becoming a very attractive option for organizations striving to cut IT costs while improving agility and scalability.

Mozilla patches Bugzilla bug that revealed details on flaws

Mozilla has updated its Bugzilla tracking program to patch security holes, including a flaw that exposed bugs that security researchers are patching.

The worst of Shellshock might have already passed

Slightly more than a week after the bug's disclosure, the attacks on domains might have already peaked, according to new research.
