Vulnerabilities

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.

April's Patch Tuesday from Microsoft includes another Internet Explorer patch

The software giant expects to distribute eight other fixes to correct vulnerabilities in Windows, Office, Server Software and Security Software.

Firefox 20 released, makes "private browsing" easier

The release patches 13 vulnerabilities, five of which are deemed "critical."

Sophos' flagship web security product open to attack

The security company is urging customers to upgrade to the latest version of the appliance, which is not susceptible to the vulnerabilities reported Wednesday by researchers at SEC Consult.

Threat of the month: Universal Plug and Play vulnerabilities

April's "threat of the month" is Universal Plug and Play (UPnP) vulnerabilities, which allow attackers to execute arbitrary code.

Cleaning up the CVSS

Prioritization is a key part of the patching strategy of any customer, says SC Magazine's Dan Kaplan.

Web-based malware threats primary challenge for industry pros, survey says

Of the companies polled in a recent survey, eight in 10 indicated that they experienced web attacks in 2012.

Research reveals 94 percent of endpoints currently running outdated versions of Java

Owing to outdated browsers, an attack aimed at older Java vulnerabilities can be just as successful for miscreants as targeting new vulnerabilities, according to new research.

Experiment shows how often hackers want to attack critical infrastructure

Honeypots installed by researchers at security firm Trend Micro provided bait for 39 attacks on simulated ICS environments over the course of a month.

Apple updates Mountain Lion OS, includes Java Web Start fix

The security update patched 21 vulnerabilities and a Java Web Start bug that could allow apps to be launched automatically.

Cyber criminals offer black market peers bug discovery service

The new offering shows that, as cyber criminals become more sophisticated, they'll need more options to secure their infrastructure.

Microsoft pushes seven patches, including fix for "evil maid"-style attack

The vulnerability allows anyone with "casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds" to plug in a USB device and become an administrator, according to Microsoft.

Sponsored video: Philippe Courtot, chairman and CEO of Qualys, at RSA Conference 2013

In this video shot at RSA Conference 2013 in San Francisco, Illena Armstrong, VP of editorial at SC Magazine, sits with Courtot to discuss some of the big problems facing CISOs today, as well as his thoughts on this year's big conference.

Nearly all apps vulnerable to exploit

Researchers also found that the median number of vulnerabilities per application was 13 flaws.

Microsoft schedules seven security patches for monthly Patch Tuesday

They address flaws in Internet Explorer (IE), Windows, Office, Server Software and Silverlight.

Down go Chrome, Firefox, IE 10, Java, Win 8 at Pwn2Own hacker fest

Despite the best efforts by browser and operating system manufacturers to shore up their offerings, exploit hunters are still finding success at attacking the world's best-known platforms - especially when there is a large chunk of change on the line.

Attackers use stolen certificate to sign malicious Java applet

Researchers believe the stolen private key belonged to an unwitting Texas consulting company.

Oracle pushes patch for Java vulnerability after exploit reports surface

The company apparently was able to distribute a fix so quickly because it actually learned of this vulnerability on Feb. 1, but wasn't able to include a patch in the Feb. 19 update to Java.

Apple won't let users run Flash unless it is the latest version

The move follows two instances in the past few weeks when Adobe unexpectedly issued a Flash Player update to close vulnerabilities under active attack.

Another Java exploit spreading

Just a few weeks after Oracle rushed a patch for the commonly exploited Java software, it is experiencing yet another meltdown.

Adobe hurries update to fix Flash zero-day vulnerabilities

Adobe this week released an update to its Flash Player to close three vulnerabilities, two of which are under active attack.

FTC whips HTC over poor software coding, developer training and researcher outreach

The consumer protection agency said vulnerabilities and the "insecure implementation" of diagnostic software propelled action against the American division of the mobile device maker for a number of security shortfalls.

Adobe patches against PDF exploits that overran sandbox

Adobe on Wednesday made available a security update to its Reader and Acrobat software to close two vulnerabilities that are under active attack.

iPhone passcode flaw opens device to intruders

The passcode flaw affects iOS 6.1, allowing pranksters to bypass its security feature.

Adobe verifies Reader vulnerabilities, offers workaround

Exploits that are taking advantage of the vulnerabilities are able to evade Adobe's sandbox technology, which was implemented with the release of Reader and Acrobat X.

Adobe Reader exploit spotted in the wild

Adobe may be dealing with another zero-day vulnerability, this time appearing in the latest version of its PDF software, Reader.

Microsoft patch fixes critical IE flaws

One security bulletin fixes 13 flaws that could allow an attacker to remotely execute code in several versions of IE.

Adobe updates Flash to address targeted exploits

The software company has updated its ubiquitous Flash software because of two pressing zero-day vulnerabilities.

Microsoft to plug 57 security holes next week

The software giant expects to release a dozen patches on Tuesday, but all eyes are on two bulletins that address security flaws in Internet Explorer.

Push comes to shove

PayPal's Andy Steingruebl knows security is not an insular task. By looking outside of its own walls, the company has taken the fight to the enemy, and helped everyone else in the process.
