Vulnerabilities

Weak server entry point in JPMorgan Chase breach

A server not upgraded with two-factor authentication is the likely way hackers got into JPMorgan's system, the New York Times reported.

Report: SS7 flaws enable listening to cell phone calls, reading texts

Vulnerabilities in Signaling System 7 make it possible for anyone to listen in on phone calls and read text messages, even if encrypted.

Git client discloses critical security vulnerability

An advisory is warning all users of GitHub for Windows and GitHub for Mac to update their clients as soon as possible.

Researchers find 'CoolReaper' backdoor in CoolPad devices

Palo Alto Networks Unit 42 researchers have identified the backdoor on numerous devices, so far leaving more than 10 million users vulnerable.

Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk

The vulnerability can enable attackers to steal credentials and personal and business data, as well as infect machines with malware.

Closing the web app data security gap: Dynamic data masking for web applications

The rigidity of web application security controls has left the enterprise vulnerable to data breach.

Contending with online thieves and fraudsters

As we all gear up for the holidays with plans to purchase any number of items online, cyberthieves too are gearing up with more and more creative ways to steal money, credentials and critical data from any number of organizations.

Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more

Alert Logic discovered the bug, which is susceptible to exploitation due to the default installation process used by Linux.

Firefox, IE11 zero-day bugs possibly targeted in 'SoakSoak' WordPress malware attacks

Attackers exploiting a bug in the Slider Revolution plugin to compromise WordPress websites with malware may also be targeting zero-day vulnerabilities in Firefox and Internet Explorer 11.

URL flaw discovered for airline mobile boarding passes

A URL flaw that impacts mobile boarding passes for airlines, such as Southwest and Delta, was discovered on Tuesday.

Researcher identifies XSS vulnerability affecting Citibank website

A researcher identified a cross-site scripting vulnerability affecting the Citibank website, which has yet to be patched.

More than 100K WordPress sites compromised by malware due to plugin vulnerability

WordPress websites are being infected with malware through a previously disclosed vulnerability in the Slider Revolution plugin.

ICS-CERT: BlackEnergy may be infecting WinCC systems lacking recent patch

BlackEnergy malware may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November.

Suit: Comcast public WiFi hotspot network uses home modems, drives up customer costs

In a class-action suit filed in federal court, a father-daughter duo accuses Comcast of using their routers to create public Wi-Fi hotspots, increasing their electricity costs and leaving them vulnerable to security issues.

Numerous flaws discovered in Google App Engine

Security researchers believe there are more than 30 vulnerabilities present in the development and hosting platform.

POODLE back to bite TLS connections

Google has taken steps to diminish the POODLE threat by "killing off SSLv3," but now the flaw threatens Transport Layer Security.

XSS vulnerabilities found on TripAdvisor and Uber websites

Researchers have uncovered XSS vulnerabilities at the travel and car service sites.

Adobe release addresses Flash Player bug being actively targeted, includes other critical fixes

A vulnerability in Adobe's Flash Player was not included in its pre-notification security advisory Friday, and is currently being targeted by attackers.

Bill introduced, bans government mandates to build weaknesses into technologies

U.S. Senator Ron Wyden introduced the Secure Data Act on Thursday to prohibit federal agencies from mandating that backdoors and other security vulnerabilities be built into U.S. software and electronics.

Upcoming Adobe release to address critical Reader, Acrobat bugs

Upon its release, Windows and Microsoft users are urged to update the software to address the vulnerabilities that have been given a priority rating of "1".

SpoofedMe attacks compromise legitimate Nasdaq.com, Spiceworks accounts, among others

IBM researchers discovered a vulnerability in social login identity providers and their relying websites that left legitimate accounts open to attackers' control.

Vulnerability found in Infinite WP WordPress client

A Sucuri researcher found a vulnerability that could allow a malicious attacker to take over a user's sites and put them into maintenance mode.

Google fixes Lollipop 5.0 reset flaw

Google issued a Lollipop 5.0.1 update that addresses a bug that could prompt an Android device to reset, deleting files and data.

Cloudy with a chance of flaws

Any number of industry pundits have noted the prevalence of major vulnerabilities this year, especially when accounting for Heartbleed, Shellshock and POODLE.

Critical bugs fixed in Firefox 34, SSL 3.0 support disabled

The Monday release of Firefox 34 provides fixes for several vulnerabilities and also disables support for SSL 3.0.

Doctoral student finds XSS vulnerability on Weather.com

Wang Jing wrote that The Weather Channel's site used URLs to create its tags without filtering malicious script codes, which left them vulnerable to attack.

Adobe updates Flash Player, further addresses old vulnerability

The latest update of the software provides further hardening against a vulnerability that was mitigated in the Oct. 14, 2014 release.

APT operation 'Double Tap' exploits serious Windows OLE bug

The group, APT3, is also believed to be behind Operation Clandestine Fox, which used social engineering to lure victims into installing malware.

'DoubleDirect' MitM attack affects iOS, Android and OS X users

Security firm Zimperium detected attacks in the wild over the past six to eight months.

Critical XSS vulnerability addressed in WordPress

A critical cross-site scripting vulnerability was addressed, which could enable an anonymous user to compromise a site.
