Vulnerabilities

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.

A hundred Android apps, 150M downloads, vulnerable to Heartbleed

Researchers with FireEye scanned more than 54,000 Android apps in the Google Play store and learned that more than a hundred, downloaded a combined 150 million times, are vulnerable to the Heartbleed bug.

Apple's iOS 7.1.1 fixes Webkit bugs, encryption bypass issue

Released Tuesday, the update prevents exploitation via "triple handshake" attacks, which could allow a bypass of encryption safeguards.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Among the addressed vulnerabilities was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.

Feedly fixes Android JavaScript code injection flaw, deems it "harmless"

A researcher wrote about a bug in the Android app for news aggregator Feedly that could enable JavaScript code injection, but even though it was fixed, the company did not really consider it a vulnerability.

Heartbleed bug exploited to bypass multifactor auth, hack VPN

Security firm Mandiant detailed the Heartbleed exploit, which was used on one of its clients.

Hacktivist claims Facebook is vulnerable to DNS attacks, Facebook says it's not

Facebook debunked a reported claim by Mauritania Attacker, the alleged leader of hacktivist collective AnonGhost, that the social media website is vulnerable to DNS attacks.

Heartbleed prompts HealthCare.gov to reset passwords

After reviewing government websites for Heartbleed exploits, HealthCare.gov changed users' passwords.

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Donation campaign launched, aimed at OpenSSL audit

Bugcrowd, an Australian security start-up, will organize the funding drive in hopes of further securing the open source software.

Arrested Canadian hacker 'believed' to have exploited Heartbleed bug

The Royal Canadian Mounted Police arrested a 19-year-old man in Ontario who they believe exploited the Heartbleed bug to steal information from a federal agency.

Researchers uncover critical flaws impacting satellite communications

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Most Heartbleed detection tools have bugs of their own, firm finds

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Galaxy S5 fingerprint scanner bypassed using old Apple Touch ID spoof

A fingerprint spoof created in September 2013 to bypass the Touch ID on the iPhone 5s was used to bypass the fingerprint scanner on the Samsung Galaxy S5, which was released on Friday.

Oracle fixes 104 flaws in quarterly update, addresses Heartbleed bug

Oracle's Critical Patch Update (CPU) plugged 37 holes in the popular Java browser plug-in.

The Heartbleed bug works, and could be a scapegoat for older breaches

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached because of the critical flaw.

Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

A quick fix was issued for Flickr SQL injection flaws that could open the door for remote code execution after a researcher identified the issues and reported them to Yahoo.

Revenue Canada: Heartbleed exploit used in taxpayer breach

The social insurance numbers of 900 taxpayers were accessed in the breach, according to the agency.

Heartbleed bug not leveraged for surveillance, NSA says

After a Bloomberg article reported that unnamed sources indicated that the NSA knew of the major flaw and utilized it for surveillance purposes, the agency denied the claims.

DHS puts critical infrastructure on 'Heartbleed Bug' alert

This week, critical infrastructure operators were notified of potential threats arising from the critical OpenSSL flaw.

Google Chrome bug enables stealthy tapping of microphones

A vulnerability in Google Chrome can allow an attacker to stealthily listen in on someone, even if microphone access is blocked.

'Heartbleed bug' leads Canada Revenue Agency to suspend tax efiling

The Heartbleed Bug is a critical OpenSSL flaw said to leave online information, including payment card data, vulnerable to being exposed.

Vulnerable organizations respond to encryption-breaking 'Heartbleed Bug'

Organizations vulnerable to the SSL/TLS encryption-breaking Heartbleed Bug, a critical vulnerability in widely used versions of the OpenSSL library, are updating quickly.

Critical Adobe Flash Player vulnerabilities addressed in Tuesday update

A Tuesday update addresses critical Adobe Flash Player vulnerabilities that could allow an attacker to take control of Windows, Macintosh and Linux systems.

Blackberry issues update for remote code execution vulnerability

Blackberry issued an advisory yesterday warning Blackberry 10 customers that a remote code execution vulnerability could threaten their phones' security.

GovWin IQ hacked, payment card data of 25,000 Deltek customers at risk

Roughly 80,000 Deltek customers may have information at risk, including payment card data for 25,000 of them, after an attacker hacked into Deltek's GovWin IQ system.

Microsoft releases final fixes for Windows XP, Office 2003

This month's Patch Tuesday marks the end of support for the dated, but widely used, products.

Critical OpenSSL vulnerability, 'Heartbleed Bug,' enables SSL/TLS decryption

Internet communications utilizing SSL/TLS encryption may be at risk due to the Heartbleed Bug, a critical vulnerability in widely used versions of the OpenSSL library.
