Vulnerabilities News, Articles and Updates
"Longstanding, systemic weaknesses" prevented the State Department from properly managing cybersecurity risks, according to an IG report.
US-CERT issued an alert this week warning of a "domain name collision" bug that causes certain DNS queries to be resolved on public servers instead of private or enterprise servers, exposing organizations to Man-in-the-Middle attacks.
A security update for Adobe Connect for Windows released Monday resolves an untrusted search path vulnerability in the add-in installer for Connect versions 9.5.2 and earlier.
Operation Ke3chang, the APT that in 2013 was discovered targeting Europe-based Ministries of Foreign Affairs, not only apparently remains active but also seems to be leveraging a new family of malware called TidePool.
As many as 100 people are believed to have taken part in a heist of nearly $13 million (USD) from 1,400 cash machines in Japan.
Updated: A worm that made its way into Ubiquiti Networks equipment through outdated AirOS firmware has wreaked havoc on ISPs and others that use the Ubiquiti networking platform.
Following reports of a cyberattack last year in which hackers stole $9 million from an Ecuadorean bank, SWIFT stated it is taking steps to create more information sharing practices.
Duo Labs researchers found that 60 percent of enterprise Android phones are affected by a critical QSEE vulnerability.
Cisco patched vulnerabilities in the company's Web Security Appliance devices that affect how the web filtering devices process traffic.
Cyphort Labs spotted a new Angler Exploit campaign that has already infected at least 19 websites.
VMware issued two product updates on Tuesday to patch and present workarounds for two vulnerabilities, one considered critical and the other important.
Apple has released a series of security updates for tvOS, iOS, watchOS, OS X, Safari and iTunes.
Magento released a patch for a critical vulnerability that allowed unauthenticated users to execute PHP code remotely on the server using APIs.
A variant of the malware family Acecard was detected in the Google Play store by researchers at Lookout.
Roughly 77 percent of organisations are unprepared for cyber-security incidents according to research by NTT Com in its 2016 Global Threat Intelligence Report.
Remote attackers have been shut out of the IPsec code of Cisco Adaptive Security Appliance (ASA) Software following Tuesday's patch.
The "Privacy Shield", intended to replace 'Safe Harbour' agreements for transfers of personal data between the EU and the US, is being debated by Members of the European Parliament and their US counterparts during their current visit to Washington and Silicon Valley (17 to 20 May).
The Open Smart Grid Protocol's (OSGP) home-grown RC4 encryption has been cracked once again. The easy-to-break, custom RC4 was cracked last year.
The new promotional website for season two of the USA Network's computer hacking drama Mr. Robot required an emergency patch after a white-hat hacker discovered a cross-site scripting vulnerability, according to a Forbes.com report.
A hacker calling himself Revolver yesterday advertised on Twitter that he was selling access to Pornhub servers for $1,000 after discovering an exploit, but the pornography video sharing website is disputing the veracity of this hack.
Google plans to begin phasing out support for Adobe's Flash Player by the end of this year, the search company announced on a Chromium forum.
The DHS yesterday issued its first-ever US-CERT security alert pertaining to the active exploit of an SAP application, after a security vendor determined 36 organizations were infiltrated via an SAP vulnerability that was disclosed over five years ago.
Mozilla asked a federal district court in Washington to compel the FBI to disclose a zero-day vulnerability in the Tor browser that authorities exploited to identify patrons of the Tor-based child pornography site Playpen.
7-Zip, a popular open-source file archiving application used to compress and decompress files, has issued patches for input validation vulnerabilities that can lead to remote code execution.
Pornhub is offering white hats between $50 and $25,000 for reporting qualifying vulnerabilities.
Mere hours after word spread last week of a remote code execution vulnerability in the image-processing software ImageMagick, bad actors were already actively exploiting it in the wild.
Adobe will issue an update later this week for Flash Player to patch a vulnerability that is currently being exploited in the wild, and the company also released a slew of fixes for its Reader and Acrobat product lines.
Microsoft's May Patch Tuesday roll out contains 16 bulletins covering 37 vulnerabilities, with half of them being rated critical and possibly leading to remote code execution.
A Florida man who logged into a computer system with appropriated credentials now faces felony charges.
Appthority's Q2 2016 Enterprise Mobile Threat Report found Apple and Android should better vet their app stores.
SC Magazine Articles
- Some U.S. Bancorp workers' W-2 info exposed in ADP data breach
- Spearphishing attack nets $495K from investment firm
- Updated: Gmail, Yahoo email credentials among millions found on the dark web
- Report: Ransomware feeds off poor endpoint security
- Organizations need formal vendor risk management programs, study
- State Dept. criticized for poor records management, Clinton broke rules, IG report says
- APWG report: Phishing surges by 250 percent in Q1 2016
- Apple rehires crypto legend Jon Callas
- China's quantum communications satellite to improve data security, thwart hackers
- 34% of Brits willing to sacrifice their online safety for weight loss