Vulnerabilities

RSA 2015: Bug hunting and responsible vulnerability disclosure

In this video, Casey Ellis, cofounder and CEO of Bugcrowd, discusses bug hunting and responsible vulnerability disclosure.

Microsoft expands bug bounty program to include Project Spartan

Microsoft announced plans on Wednesday to expand its bug bounty program to include Project Spartan, the company's new browser, and Azure, the company's cloud platform.

RSA 2015: Protecting critical infrastructure

As Robert Hinden, Check Point fellow, described in his Wednesday RSA session, "Protecting Critical Infrastructure," attacks on physical infrastructure can affect us all. Like IT systems, these environments have many vulnerabilities, but the consequences of exploiting them are far greater, and the attacks have already begun.

RSA 2015: 'No iOS Zone' attack allows denial-of-service against Apple devices

According to the co-founders of Skycure, which presented on the attack at RSA Conference, Apple has not completely resolved the security issue.

RSA 2015: Thousands of Android apps found to be vulnerable

Vulnerability testing by CERT found tens of thousands of Android apps to be vulnerable, and no complete register of them exists because not all of the flaws are assigned a CVE.

'Rootpipe' vulnerability still exploitable on patched machines

The Apple "rootpipe" vulnerability was supposedly patched in the company's most recent release, but a security researcher says otherwise.

Multiple WordPress plugins vulnerable to cross-site scripting

The issue was identified last week and researchers worked together with plugin developers to ensure patches were ready before the problem was disclosed.

Check Point discloses vulnerability in eBay's Magento platform

Check Point discovered a critical remote code execution vulnerability that could have allowed attackers to compromise nearly all online shops running on eBay's Magento platform.

AirDroid vulnerability would let attackers take over Android phones

A serious vulnerability has been found in the AirDroid application for Android that could allow unauthorized remote access to the user's phone.

Dropbox launches bug bounty program

Dropbox launched its bug bounty program on Wednesday through HackerOne.

Audit finds unsecured docs at most desks in five DHS orgs

Sensitive information was left out in the open after hours on nearly a third of the desks at five Department of Homeland Security (DHS) organizations, a KPMG audit found.

Adobe security updates address wide range of bugs, some critical

Adobe released security updates for Flash Player on Tuesday, as well as updates for Adobe Flex and ColdFusion.

Microsoft addresses 26 vulnerabilities, some critical, on Patch Tuesday

Microsoft addressed 26 vulnerabilities in 11 bulletins for its monthly Patch Tuesday release, and four of the bulletins are deemed critical.

Researchers identify attack technique, all Windows versions at risk

Researchers with Cylance identified the "Redirect to SMB" technique, which can enable the theft of user credentials from PCs, tablets and servers running any version of Windows.

Darwin Nuke vulnerability allows DoS in OS X 10.10 and iOS devices

The vulnerability in the operating systems' Darwin kernel allows attackers to execute DoS attacks and damage devices.

FBI warns of WordPress defacements as new plugin vulnerability is found

The FBI warned that individuals sympathetic to ISIL, or ISIS, are defacing WordPress websites by exploiting vulnerabilities in plugins.

Firefox 37.0.1 disables features after vulnerabilities found

The March 31 release of Firefox 37 introduced the opportunistic encryption feature to the browser; by April 3 it had been disabled after vulnerabilities were found in it.

Drive-by-login attack identified and used in lieu of spear phishing campaigns

A new attack, the drive-by-login, allows attackers to target specific victims on sites those victims trust.

Nearly 75 percent of Global 2000 orgs still vulnerable to Heartbleed

Venafi Labs researchers found that 74 percent of 1,642 Global 2000 organizations had not completed Heartbleed remediation across all public-facing servers.

Change.org bug exposes user email addresses

Email addresses of a "small subset" of users were in public view when search engines indexed unsubscribe links.

Fake Pirate Bay site pushes Nuclear Exploit Kit, distributes trojans

A copy-cat Pirate Bay site is being used in attacks that target WordPress users and infect them with malware.

Vulnerability discovered that could allow for deletion of every YouTube video

Kamil Hismatullin identified a vulnerability in Google's Application Programming Interface (API) that could have allowed him to delete any and every video on YouTube.

Taming the third-party threat: Application security

The challenge for security practitioners is to make the mobile ecosystem more trustable, reports Alan Earls.

Documents on NSA's zero-day policy provide little insight, EFF says

The Electronic Frontier Foundation obtained government documents about the NSA's use of zero-days and its policy for when to disclose them.

Bitcoin blockchain exploitation could allow for malware spreading

A Kaspersky researcher found that the cryptocurrency's ledger can be used to store malware control mechanisms or provide access to illicit content.

Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014

The number of product vulnerabilities reported in 2014 jumped up 18 percent, according to research from Secunia.

Vulnerability found in popular hotel routers

A flaw in InnGate routers could allow an attacker to distribute malware to guests, monitor and record data sent over the network, and possibly gain access to the hotel's reservation and keycard systems.

GE, MACTek update products using vulnerable HART DTM library

Four GE products and one MACTek product are impacted by the vulnerability, according to ICS-CERT.

Android vulnerability leaves apps open to malicious overwriting

Palo Alto Networks detailed a vulnerability in the way apps are saved on Android in a Tuesday blog post.

Vulnerability found in Hilton HHonors Awards system

The flaw could have allowed an attacker to hijack any account and execute actions, including redeeming awards points for travel or hotel reservations.