Vulnerabilities News, Articles and Updates

Zerodium offering $1.5 million for an Apple iOS 10 remote jailbreak

The security firm Zerodium announced an increase in bounty prices for zero-day exploits, with the top prize now being $1.5 million for an Apple iOS 10 remote jailbreak, a $1 million increase.

Is Microsoft exposing the supply chain by hardening the enterprise Edge?

Microsoft has announced it is to harden the Edge browser for enterprise users.

End-of-support devices on networks weakening cyberdefenses, report

Nearly three-quarters of businesses have end-of-support devices operating in their networks, and the consequences could prove dire, a new study found.

Tesla security update includes code signing feature

Tesla has released a major firmware update in response to a video posted by a group of Chinese researchers that displayed a series of vulnerabilities in the electric car company's vehicles.

SWIFT introduces daily reporting system for member customers

SWIFT has introduced a daily reporting system intended to help members of the financial messaging system identify fraudulent payments made over the network.

Researcher rewarded for finding Facebook Business Manager account takeover flaw

Security researcher Arun Sureshkumar earned $16,000 after disclosing a vulnerability in Facebook Business Manager that, if exploited, could have allowed attackers to take over a targeted victim's Facebook page.

Hackers crack Tesla CAN Bus, DoT issues policy for securing connected car

Researchers claim they were able to crack into Tesla's CAN Bus to achieve remote control of the electric car, and the DoT just issued a new policy concerning automated vehicles.

Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits

Cisco issued an advisory for a flaw that the company has linked to exploits released by the Shadow Brokers group.

Researcher demos how FBI could've easily unlocked San Bernardino iPhone sans Apple

A Cambridge University researcher recently published a paper demonstrating how the FBI could have easily unlocked the San Bernardino shooter's iPhone.

Security advisories issued for VMware

"Multiple security issues" were patched for a number of VMware products.

Sites associated with both presidential contenders spring leaks

Data theft knows no boundaries. Personal information has been siphoned out from databases connected to both presidential campaigns.

Google Chrome releases stable channel update

Google Chrome released a stable channel update for its desktop applications for Windows, Mac and Linux.

Are our data centres insecure?

Vectra Networks is claiming that attackers are turning their attention to data centres. Are our data centres as secure as we think they are?

Independent researcher spots unpatched MySQL vulnerability

Information security researcher Dawid Golunski spotted several critical vulnerabilities in MySQL.

CFTC imposes cybersecurity rules for U.S. commodities, derivatives firms

The new rules are designed to enhance and clarify existing requirements relating to cybersecurity testing and system safeguards risk analysis.

Pentagon faulted for lack of cyber preparedness, GAO report

The Department of Defense does not have the necessary visibility into the cyber capabilities of the National Guard, according to a report by the GAO.

Pornhub, RedTube ditch Flash to hook up with HTML5

Adult content site Pornhub announced Tuesday that it will switch from using Flash-based content and instead opt for HTML5.

Leaked Rambler data highlights long-term risk post-breach

100 million user passwords from a 2012 breach at Russian internet giant Rambler were leaked online.

UAE medical centre hit, hacker claims good intentions

A medical centre in the UAE has been modestly breached by a hacker who claims to want to teach them a lesson in security.

WordPress update fixes XSS issues

Bloggers using the WordPress platform are "strongly encouraged" to update their sites immediately to address persistent XSS issues.

Google patches 57 Android vulnerabilities, attempts to resolve Mediaserver attacks

Google has released patches for 57 security vulnerabilities affecting Android devices. Eight of the flaws were issued a "critical" rating.

Yelp takes bug bounty program public

Yelp will offer up to $15,000 to researchers who discover the "most impactful" vulnerabilities.

Congressional report faults OPM over breach preparedness and response

The massive breach at the U.S. Office of Personnel Management (OPM) might have been prevented had the agency followed basic cybersecurity guidelines, a congressional investigation claimed.

Apple issues updates to prevent spying on desktop

Last week, Apple issued security updates to patch a serious flaw affecting iPhone and iPad users. Yesterday it addressed a similar flaw on its desktops.

Chrome's newest version contains 33 security fixes; Cisco patches two critical vulnerabilities

On the same day that Cisco issued 12 advisories addressing vulnerabilities in its product line (all but one resolved via updates), Google yesterday announced the stable release of Chrome 53, which contains 33 of its own security fixes.

Researcher claims ambient light sensors could leak data

Researcher Lukasz Olejnik claims Ambient Light Sensors in personal devices could be used to track users and even measure the size of their homes.

Google refuses to patch alleged login page flaw

Google is refusing to patch an alleged faulty Login Page after an independent researcher claimed to have spotted a bug.

Millions of IoT devices enlisted into DDoS bots with Bashlite malware

A family of malware targeting Internet of Things (IoT) devices to create distributed denial of service (DDoS) botnets has been detected.

Adobe issued hotfix for critical information disclosure vulnerability in ColdFusion

Adobe today has released security hotfixes for a critical information disclosure vulnerability that exists in ColdFusion versions 10 and 11, across all platforms.

Flaw in Facebook password resets could allow random account takeovers; severity of bug disputed

An independent researcher found a way to theoretically take over random Facebook accounts by forcing millions of user password resets and then brute-forcing each reset request to check for a specific six-digit authorization code.
