Vulnerabilities

Moving beyond passwords with mobile

Digital Identity is the foundation for granting user access in today's connected enterprise. Dated authentication approaches fall short on both security effectiveness and user experience.

A break in the clouds: Best practices for solving cloud infrastructure challenges to traditional security

Everything is different in the cloud. Including security.

Study: 86 percent of websites contain at least one 'serious' vulnerability

WhiteHat Security's "2015 Website Security Statistics Report" looks at vulnerabilities in websites and the amount of time it took to patch them.

Method identified to generate unlimited Starbucks gift card funds

A hacker with security firm Sakurity identified a way to generate unlimited funds on Starbucks gift cards, and proved that it worked.

UC Browser found leaking personal data

Researchers wrote in a paper that UC Browser's English and Chinese versions leak personal and personally-identifiable data.

Logjam attack exposes data passed over TLS connections

Computer scientists have identified weaknesses in the way popular cryptographic algorithm Diffie-Hellman key exchange is deployed.

NEWS ALERT: Fix for 'logjam' bug could impact 20K websites

A team of security pros has come up with a fix for the "logjam" bug, but implementing it could have serious consequences for thousands of websites.

Long list of devices believed to be affected by NetUSB vulnerability

Potentially millions of devices around the globe are vulnerable due to a remotely exploitable kernel stack buffer overflow in NetUSB.

Android vulnerability allows attackers to 'spoof' URL titles

An Android stock browser vulnerability was discovered that could allow cyber criminals to "spoof" the address bars and potentially carry out phishing schemes.

Hack of airplane systems described in FBI docs raises security questions

Claims that researcher Chris Roberts actually, briefly, commandeered a plane in flight after hacking its entertainment systems may be up for debate; contentions that the aircraft may be vulnerable are not.

Oracle patches buffer overflow bug VENOM

The security alert, issued Friday, addresses a serious buffer overflow vulnerability in QEMU's virtual Floppy Disk Controller (FDC).

Cisco issues updates to address multiple TelePresence vulnerabilities

The vulnerabilities are in a variety of Cisco TelePresence products and users are being advised to update.

DHS adds more bug disclosures to Hospira drug pump alert, FDA joins call

ICS-CERT is now aware of more vulnerabilities impacting Hospira infusion pumps.

United Airlines bug bounty program pays in air miles

United Airlines has become the first airline to offer a bug bounty program - and researchers will receive air miles, not dollars, for their discoveries.

Under-secured SOHO routers leveraged in DDoS attack campaign

Incapsula found that each compromised router was, on average, infected with four variants of MrBlack malware, which is used for DDoS attacks.

'VENOM' vulnerability enables virtual machine escapes

A vulnerability in virtual floppy drive code used by numerous computer virtualization platforms has been identified by a researcher with CrowdStrike.

Microsoft patches 30 bugs with 13 bulletins on Patch Tuesday

Microsoft issued 13 bulletins today in possibly one of its last official Patch Tuesday releases.

Adobe plugs critical bugs in Reader, Acrobat and Flash Player

The company patched dozens of critical vulnerabilities for users on Windows, Macintosh and Linux platforms.

Apple updates Safari, fixes multiple bugs

The technology company patched vulnerabilities in older Safari versions on Wednesday.

Millions of WordPress websites vulnerable to XSS bug

Sucuri disclosed an XSS vulnerability impacting millions of WordPress websites on the same day Fortinet disclosed a bug affecting a Joomla extension.

Advisory on CyberLock vulnerabilities draws fire from attorney

After allegedly notifying CyberLock of security flaws in some of its products, IOActive issued an advisory warning of the issues.

Study: Nearly all SAP systems remain unpatched and vulnerable to attacks

Onapsis found that most SAP systems remain vulnerable to attacks that could compromise a company's business data and processes.

ICS-CERT issues advisory on Hospira infusion pump flaws

An independent researcher identified the improper authorization vulnerability and insufficient verification of data authenticity flaw.

Vulnerability identified in eShop WordPress plugin

High-Tech Bridge Security Research Lab identified the vulnerability in the eShop plugin, which affects version 6.3.11 and likely lower.

Vulnerability enables downgrading of MySQL SSL/TLS connections

A researcher with Duo Security identified the vulnerability, which exists in MySQL client libraries, as well as forks such as MariaDB and Percona.

FAA: Software bug impacts Boeing 787 electrical power

The aviation authority instructed operators to take "interim action" to prevent loss of AC electrical power, until a software fix is available.

Watch out for third-party apps

Vendors bundling software with open source libraries caught the IT community unprepared, says Secunia's Kasper Lindgaard.

Flaw makes Trendnet, D-Link routers vulnerable to remote attack

A security alert issued Friday warns of an unfixed bug in D-Link and Trendnet routers.

Several vulnerabilities identified in TheCartPress WordPress plugin

High-Tech Bridge identified multiple vulnerabilities in TheCartPress eCommerce shopping cart plugin for WordPress websites.

Attacker, posing as Tesla employee, gained access to car co.'s Twitter

Attackers compromised the Twitter feeds of Tesla and company co-founder Elon Musk where they posted false claims.
