Vulnerabilities News, Articles and Updates
Eschewing the bug bounty route, a cybersecurity firm that detected a flaw in a medical device from St. Jude Medical partnered with an investment firm to capitalize on its knowledge and short sell stock in the device manufacturer.
Rep. Ted Lieu (D-Calif.) is calling on the Federal Communications Commission (FCC) to accelerate its investigation of the SS7 flaw.
Cisco updated a security advisory for a remote code execution vulnerability affecting the SNMP application-layer protocol.
Citizen Lab and Lookout researchers detected active spyware that exploited three iOS zero-day vulnerabilities.
Researchers across three universities have discovered seven classes of vulnerabilities in the sandboxing feature of Apple's iOS operating system.
Several public interest groups reached out to the FCC calling for action concerning the implementation of DSRC technology.
VMware released security updates this week to address a local privilege escalation vulnerability in its VMware Identity Manager and vRealize Automation software, as well as a remote code execution vulnerability in the latter product.
Juniper confirms exploits leaked by the Shadow Brokers group appear to affect its firewalls, but has not yet patched the vulnerabilities.
The threat from ransomware continues to grow and the situation will only get darker before mitigation efforts prove reliable and the miscreants move on to another attack vector, according to a panel of cybersecurity experts gathered in Manhattan on Wednesday for the Dell Data Security Ransomware Roundtable.
NYU scientists designed a new form of application-specific integrated circuit (ASIC) to spot hidden vulnerabilities in microchips.
Code leaked by the Shadow Brokers group has set off calls from security researchers and tech groups for a national conversation about vulnerability disclosure policy.
While most organizations believe providing workers with the best technology is imperative to business productivity, many struggle to optimize agility owing to traditional security mindsets, according to a new study by Okta.
Although a ransomware attack hit the city of Sarasota, Fla. in February, owing to an ongoing criminal investigation, details of the attack are only now being revealed.
A two-factor authentication (2FA) vulnerability affecting PayPal's login portal process has been patched.
An independent IT security research facility has reviewed Android, and despite constant charges of insecurity, found the mobile platform to be far from wanting.
Updated! As it considers classifying the electoral system as critical infrastructure, the U.S. government has pledged to provide states with federal assistance to help manage voting cyber risks and is taking additional steps to quell fears the election this fall could be hacked.
Bitdefender has discovered vulnerabilities in a popular brand of 'smart' electrical socket which could lead to attacks on your local area network or the recruitment of the IoT device as part of a global botnet.
Vulnerabilities affecting the implementation of proxy authentication could lead to an attacker launching man-in-the-middle attacks and intercepting HTTPS traffic, possibly affecting products including those from Apple, Microsoft, Opera, and Oracle.
A Pakistani security researcher discovered a vulnerability affecting the Chrome and Firefox browsers' configuration of URLs in address bars.
A dangerous SQL Injection vulnerability has been disclosed and patched that could affect the Ninja Forms plugin for WordPress, impacting the 600,000 sites using that website construction software.
Nearly half of enterprises queried for a Mimecast survey were found to be ill-equipped to deal with threats from insiders.
The CERT Division of Carnegie Mellon University's Software Engineering Institute has reported multiple vulnerabilities in web-based help desk application ReadyDesk, version 9.1 and possibly others.
In what is being flagged as a threat to the health care sector, the source code of all of PilotFish Technology's software has been posted to the dark web.
Blackberry is pushing out a patch today that will make users of its PRIV and DTEK50 smartphones safe from QuadRooter, a vulnerability potentially impacting the 900 million devices in use powered by a Qualcomm processor.
Very perceptive: Talos researchers spot three vulnerabilities in Lexmark Perceptive Document Filters
August 16, 2016
Cisco's Talos division today publicly disclosed three new vulnerabilities in Lexmark's Perceptive Document Filters product that, if exploited with specifically crafted code, could result in remote code execution.
A settlement is brewing between The Home Depot and 50 million customers whose personally identifiable information was compromised in a hack in 2014.
Updated! Iran's Supreme National Cyberspace Council is investigating whether a recent string of oil and petrochemical fires were caused by a cyberattack.
Cisco has released an update to patch a vulnerability in its IOS XR Software for Cisco ASR 9001 Aggregation Services Routers that could lead to a denial of service condition.
The U.S. Department of the Interior must update its access controls to meet current standards, according to an inspector general report.
Samsung has not provided details of the critical vulnerability, which appears to be exclusive to the S6 edge, prompting speculation that the flaw may be related to the QuadRooter vulnerabilities.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak
- Trust exercise: Symantec's new website security expert is reaching out to hacker community
- Three zero-days found in iOS, Apple suggests users update their iPhone
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!