Vulnerabilities

Closing the web app data security gap: Dynamic data masking for web applications

The rigidity of web application security controls has left the enterprise vulnerable to data breach.

Cloudy with a chance of flaws

Any number of industry pundits have noted the prevalence of major vulnerabilities this year, especially when accounting for Heartbleed, Shellshock and POODLE.

'DoubleDirect' MitM attack affects iOS, Android and OS X users

Security firm Zimperium detected attacks in the wild over the past six to eight months.

Critical XSS vulnerability addressed in WordPress

A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.

Drupal addresses denial-of-service, session hijacking vulnerabilities

An advisory was issued on Wednesday regarding a denial-of-service vulnerability in Drupal 7 and a session hijacking flaw in Drupal 6 and 7.

Buffer overflow vulnerabilities identified in Hikvision DVR devices

Three buffer overflow vulnerabilities identified in Hikvision digital video recorder devices can, if exploited, enable a remote attacker to gain full control of the device.

Vulnerabilities identified in three Advantech products

Researchers with Core Security have identified vulnerabilities in three products manufactured by Advantech, some of which can be exploited remotely.

Mobile madness

More and more corporate activities are being undertaken by employees depending on iPhones, iPads, laptops and other mobile devices.

Backdoors delivered to Japanese orgs by way of Ichitaro exploit

Security firm Symantec calls the cyberespionage campaign "Operation CloudyOmega."

Apple addresses 'Masque Attack,' says customers are safe

Apple maintains that customers aren't at-risk targets for the Masque Attack if they operate within the App Store. Meanwhile, US-CERT issued a warning regarding the attack.

Waste no time patching Windows Schannel, OLE bugs, experts warn

Neglecting to implement the Patch Tuesday fix for both bugs could prove dangerous, researchers say.

Vulnerability leaves Belkin router open to attack

Researchers at Integrity Labs say the vulnerability, if left unpatched, could allow attackers to gain control over affected devices.

Flash and AIR updates available after Adobe addresses 18 vulnerabilities

Software updates are now available for the Flash player and Adobe AIR after vulnerabilities were found that could give attackers the ability to execute code or escalate privileges on a machine.

Patch Tuesday brings 14 security bulletins, fixes 33 bugs

Among the updates is a critical fix for a Windows OLE flaw, marking a second patch for the bug.

Tor network moderators unsure how feds discovered and shut down Silk Road 2.0

The anonymity software's moderators aren't entirely sure how up to 50 illicit websites were discovered and shut down this past week.

OS X 'Rootpipe' details emerge

A Swedish hacker says he won't divulge details of the vulnerability until January, after Apple patches it.

Safe tether: Wearables

Wearable devices efficiently monitor user activity, but also open new targets for malware authors, reports Alan Earls.

Threat of the month: Bash bug/Shellshock

Acting out: Cyber simulation exercises

Simulation exercises show how companies should respond under a cyberattack, says HHS's Sara Hall. Teri Robinson reports.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

ShellShock vulnerability exploited in SMTP servers

Researchers at Trend Micro found that attackers were targeting Simple Mail Transfer Protocol (SMTP) servers to execute malicious code and an IRC bot.

Assume Drupal 7 sites are compromised, unless patched or updated to 7.32 within hours

Assume every Drupal 7 website is compromised, unless patched or updated to Drupal 7.32 within seven hours of the disclosure of a highly critical SQL injection vulnerability.

Watering hole attacks: Detect end-user compromise before the damage is done

Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks.

Latest Ebola-themed phish leverages unpatched Windows bug

The bug, CVE-2014-6352, has a temporary solution, but still no permanent fix from Microsoft.

Heartbleed, Shellshock and POODLE: The sky is not falling

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.

DHS investigates possible vulnerabilities in medical devices, report indicates

Reuters reported on Wednesday that DHS is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

PHP vulnerabilities patched

Developers patched multiple vulnerabilities in PHP that would have allowed remote code execution.

Vulnerabilities addressed in Apple TV 7.0.1, iOS 8.1 updates

The iOS 8.1 update comes with a fix to a vulnerability known as POODLE, which can enable an attacker to decrypt data protected by SSL.

Apple OS X Yosemite contains bug fixes, Security Update also released

Apple OS X Yosemite includes fixes for more than 40 vulnerabilities, including POODLE and Shellshock.
