Vulnerabilities

WordPress security simplified — Six easy steps for a more secure website

WordPress is the most-used content management system (CMS) in the world. More than 60 million websites, or 22.9% of the internet, use WordPress for content creation.

eBay addresses XSS issue affecting auction page visitors

Due to the flaw, iPhone bidders were vulnerable to being redirected to a phishing page.

Adobe makes delayed updates for Reader, Acrobat available

The Reader and Acrobat fixes were delayed a week due to issues found during testing.

Android bug allowing SOP bypass a 'privacy disaster,' researcher warns

Google reportedly addressed the issue, but many users likely await the fix from providers or OEMs.

Researcher discovers flaw in Amazon Kindle Library

A security expert discovered a vulnerability in Amazon's Kindle Library that could lead to cross-site scripting attacks and account compromises.

The art of the test: Is your network security ready for the real world?

Often, the best way to make sure something works is to try it out. When it comes to network security, trying it out before an attacker does is an excellent idea.

Internet Explorer security feature blocks outdated ActiveX controls

Microsoft introduced a security feature in versions of Internet Explorer that blocks out-of-date ActiveX controls.

Microsoft addresses 42 bugs in four bulletins on Patch Tuesday

One bulletin is deemed critical and addresses 37 vulnerabilities in Internet Explorer that enable remote code execution.

Adobe addresses 12 security vulnerabilities in latest bulletin

Adobe has issued security fixes addressing 12 vulnerabilities affecting its Flash Player and AIR for Windows, Macintosh and Linux platforms.

Sensys Networks releases updates to address vehicle traffic sensor vulnerabilities

Sensys Networks addressed two vulnerabilities in its vehicle traffic sensors that were discovered by Cesar Cerrudo, CTO of IOActive Labs.

Tapping global threat intelligence to secure enterprise networks

On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector

Researchers reveal security issues in Android apps

On Monday, the University of New Haven revealed its first video in a series of security findings.

New Zealand ISP says DDoS attack caused weekend internet issues

Customers of New Zealand communications service provider Spark experienced internet connectivity issues over the weekend due to a distributed denial-of-service attack.

Microsoft plans four patches, one critical, for Patch Tuesday

The sole critical patch this month will address remote code execution issues in Internet Explorer.

Researchers discover two SQL injection flaws in WordPress security plugin

High-Tech Bridge discovered two SQL injection vulnerabilities in All In One WordPress Security and Firewall plugin and notified the vendor.

Twitter announces launch of bug bounty program

The social media giant recently announced its new bug bounty program, rewarding researchers who find security vulnerabilities in its web services.

Mitigating employee risk - Keep hires from starting fires

Employees are an organization's greatest asset and greatest risk. With a single click an employee can devastate a business by transferring or damaging huge amounts of data.

Researchers will compete to win up to $425,000 at Mobile Pwn2Own 2014

The third annual Mobile Pwn2Own competition will feature new devices to crack and a $425,000 prize pool, which has gone up $125,000 from last year's.

Firefox 32 includes public key pinning, fixes critical vulnerabilities

Mozilla enabled public key pinning support in Firefox 32 primarily as a way to defend against man-in-the-middle attacks.

Security foundation also warns of Netis router backdoor

Trend Micro first alerted the public to the backdoor affecting Netis and Netcore brand routers.

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.

Ground system for weather satellites contains thousands of 'high-risk' bugs

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system is released.

IBM projects 2014 bug disclosures may hit three-year low

The number of disclosed vulnerabilities is on track to fall below 8,000 this year, a first since 2011.

Researchers warn of backdoor in Netis, Netcore routers

The routers are sold in China under the Netcore brand name, and elsewhere as Netis products.

Hack exposes Secret app confessions

Anonymous confessions posted on a popular app, called "Secret," were susceptible to being exposed via a hack.

FireEye examines popular Google Play apps, 68 percent have SSL flaws

The firm analyzed the 1,000 most-downloaded free apps in Google Play.

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network-connected devices other than computers and mobile phones.

Community Health Systems attackers exploited Heartbleed bug for access, firm says

Sources close to the breach investigation tipped off TrustedSec CEO David Kennedy.

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

New website calls out sites, apps, lacking security

HTTP Shaming was created by a security consultant to call out apps and web services that put user information at risk.
