Vulnerabilities

Donation campaign launched, aimed at OpenSSL audit

Bugcrowd, an Australian security start-up, will organize the funding drive in hopes of further securing the open source software.

Arrested Canadian hacker 'believed' to have exploited Heartbleed bug

The Royal Canadian Mounted Police arrested a 19-year-old man in Ontario who they believe exploited the Heartbleed bug to steal information from a federal agency.

Researchers uncover critical flaws impacting satellite communications

Critical security issues that leave satellite communications vulnerable to being intercepted, manipulated or blocked were detailed in a white paper.

WhatsApp bug allows for interception of shared locations

Researchers identified a vulnerability in WhatsApp that could enable an attacker to intercept shared locations using a man-in-the-middle attack, or a rogue access point.

Most Heartbleed detection tools have bugs of their own, firm finds

London-based CNS Hut3 warns that flaws in many Heartbleed detection tools could give companies a "false sense of security."

Galaxy S5 fingerprint scanner bypassed using old Apple Touch ID spoof

A fingerprint spoof created in September 2013 to bypass the Touch ID on the iPhone 5s was used to bypass the fingerprint scanner on the Samsung Galaxy S5, which was released on Friday.

Oracle fixes 104 flaws in quarterly update, addresses Heartbleed bug

Oracle's Critical Patch Update (CPU) plugged 37 holes in the popular Java browser plug-in.

The Heartbleed bug works, and could be a scapegoat for older breaches

Researchers proved the Heartbleed bug was real in a challenge issued by CloudFlare to prove private keys can be stolen, right around the time companies are claiming they were breached because of the critical flaw.

Yahoo quickly fixes Flickr SQL injection, remote code execution flaws

A quick fix was issued for Flickr SQL injection flaws that could open the door for remote code execution after a researcher identified the issues and reported them to Yahoo.

Revenue Canada: Heartbleed exploit used in taxpayer breach

The social insurance numbers of 900 taxpayers were accessed in the breach, according to the agency.

Heartbleed bug not leveraged for surveillance, NSA says

After a Bloomberg article reported that unnamed sources indicated that the NSA knew of the major flaw and utilized it for surveillance purposes, the agency denied the claims.

DHS puts critical infrastructure on 'Heartbleed Bug' alert

This week, critical infrastructure operators were notified of potential threats arising from the critical OpenSSL flaw.

Google Chrome bug enables stealthy tapping of microphones

A vulnerability in Google Chrome can allow an attacker to stealthily listen in on someone, even if microphone access is blocked.

'Heartbleed bug' leads Canada Revenue Agency to suspend tax efiling

The Heartbleed Bug is a critical OpenSSL flaw said to leave online information, including payment card data, vulnerable to being exposed.

Vulnerable organizations respond to encryption-breaking 'Heartbleed Bug'

Organizations vulnerable to the SSL/TLS encryption-breaking Heartbleed Bug, a critical vulnerability in widely used versions of the OpenSSL library, are updating quickly.

Critical Adobe Flash Player vulnerabilities addressed in Tuesday update

A Tuesday update addresses critical Adobe Flash Player vulnerabilities that could allow an attacker to take control of Windows, Macintosh and Linux systems.

Blackberry issues update for remote code execution vulnerability

Blackberry issued an advisory yesterday warning Blackberry 10 customers that a remote code execution vulnerability could threaten their phones' security.

GovWin IQ hacked, payment card data of 25,000 Deltek customers at risk

Roughly 80,000 Deltek customers may have information at risk, including payment card data for 25,000 of them, after an attacker hacked into Deltek's GovWin IQ system.

Microsoft releases final fixes for Windows XP, Office 2003

This month's Patch Tuesday marks the end of support for the dated, but widely used, products.

Critical OpenSSL vulnerability, 'Heartbleed Bug,' enables SSL/TLS decryption

Internet communications utilizing SSL/TLS encryption may be at risk due to the Heartbleed Bug, a critical vulnerability in widely used versions of the OpenSSL library.

Yahoo changes tune, fixes Flickr invite disclosure bug

A Flickr flaw that Yahoo initially would not recognize as a bug has now been fixed, and the internet corporation is compensating the bug bounty hunter that brought it to attention two months ago.

HHS reveals "high-risk" security issues at Medicaid agencies

An HHS report, based on audits between 2010 and 2012, noted serious vulnerabilities affecting 10 state Medicaid agencies.

Android app vulnerability puts Chinese users at risk

The vulnerability allows fake apps to hijack real app updates then uses them to steal stored information.

Microsoft previews last Patch Tuesday update for Windows XP

The company also revealed that a zero-day flaw in Word 2010 will be patched next week.

XSS vulnerability in popular video site enables unique DDoS attack

Website security company Incapsula defended a client from a DDoS attack that was carried out using a persistent XSS vulnerability in a highly popular site that hosts video content.

Five-year-old discovers Xbox bug, accesses dad's account to play mature games

A five-year-old figured out a bug in Xbox One that allowed him to log into his dad's account and have fun with games he was told not to play.

iOS 7.1 bug enables iCloud account deletion, disabling Find My iPhone, without password

A bug demonstrated by a YouTube user on Wednesday may enable a thief to delete an iCloud account, disable Find My iPhone, and ultimately restore the device, without the need of a password.

Apple's Safari update addresses 27 vulnerabilities

Apple's Tuesday update to Safari 7.0.3 and 6.1.3 fixes 27 vulnerabilities, most of which can enable arbitrary code execution.

Coinbase responds to information disclosure, user enumeration, other concerns

Coinbase responded to a researcher's claims that the San Francisco-based Bitcoin exchange is vulnerable to information disclosure, user enumeration, and lack of rate limitation for sending money requests.

Threat of the month: Linksys router zero-day

This month's vulnerability is currently being exploited by a worm known as "TheMoon."
