Vulnerabilities

PCI compliance: Compensating controls for increased security

With credit card data theft growing at an alarming rate and undermining consumer confidence, organizations are investing in their network security for PCI compliance - only to realize that being compliant does not mean they're protected against advanced cyberattacks.

Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed

In both the OS X and iOS updates, Apple addressed CVE-2015-4000 in coreTLS, also known as Logjam.

Unencrypted GoPro updates leave users vulnerable to attack

GoPro Studio sends update requests and receives updates over unencrypted connections leaving users vulnerable to attack.

GAO issues report on Department of Treasury bureau

The U.S. Government Accountability Office identified nine new deficiencies in the Department of Treasury's Bureau of Fiscal Service's information systems.

Cisco addresses default SSH keys in multiple products

Software updates were released for Cisco Web Security Virtual Appliance, Cisco Email Security Virtual Appliance, and Cisco Security Management Virtual Appliance.

Understanding SSL/TLS best practices and application protection

Websites are under attack. In the last year, new vulnerabilities have been uncovered that allow malicious attackers to undermine the security that organizations put in place to protect themselves and their end users' sensitive information.

Michigan State Audit finds several department systems vulnerable

Michigan's DTMB failed to establish effective security management and access controls for several departments within the state, according to the Single Audit Report.

Google releases Chrome update

Google Chrome was updated to address multiple vulnerabilities, including two that were classified as 'high' severity.

APT group exploits Adobe Flash Player zero-day in phishing operation

Adobe addressed the high priority vulnerability, CVE-2015-3113, on Tuesday by issuing a Flash Player patch for Windows, Macintosh and Linux.

RLE Nova-Wind Turbine HMI stores credentials in a plaintext file

If an attacker is able to recover the file, then they can authenticate to the HMI and modify configurations and settings.

LinkedIn opts for 'invitation-only' bug bounty program, pays out $65K in recent months

LinkedIn's director of information security shared that the private bug bounty program was formalized in October.

Drupal patches multiple vulnerabilities in versions 6 and 7

Four bugs were addressed Wednesday: a critical vulnerability allowing user impersonation, two open redirect flaws and an information disclosure bug.

Samsung devices, including Galaxy S6, vulnerable to remote code execution

NowSecure detailed a vulnerability in Samsung's pre-installed Swift keyboard app that leaves device owners vulnerable to remote code execution.

Researchers identify weaknesses in Apple's OS X and iOS

The weaknesses can be exploited to steal user passwords, secret tokens and sensitive documents, the researchers said.

Kaspersky points to stolen digital certificates in Duqu 2.0 attack

The attackers behind the Duqu 2.0 malware that targeted Kaspersky Lab may have used stolen digital certificates from legitimate hardware manufacturers.

Study: 15-30 percent of eCommerce site visitors infected with CSIM

Startup security company Namogoo says that 15-30 percent of eCommerce site visitors are infected with client side injected malware (CSIM).

Google launches Android Security Rewards program

Researchers can earn thousands of dollars for identifying vulnerabilities in the latest versions of Android for the Nexus 6 and Nexus 9.

Researcher identifies vulnerabilities in Uber petition website

Researcher Austin Epperson found that he could create more than a thousand fake entries per minute and could also redirect visitors to Lyft.com, an Uber rival.

OpenSSL patches and releases new versions

The OpenSSL Project released OpenSSL 1.0.2b, 1.0.1n, 1.0.0s and 0.9.8zg, which patched five security issues, including the Logjam vulnerability.

Bug identified in WooCommerce plugin for WordPress websites

Sucuri identified an object injection vulnerability in the WooCommerce plugin, which it deemed dangerous because it could lead to a full site compromise.

SC Congress Toronto: DDoS trends show SaaS apps, home routers increasingly targeted

Dave Lewis, global security advocate at Akamai, highlighted attack trends at SC Congress Toronto.

Moving beyond passwords with mobile

Digital Identity is the foundation for granting user access in today's connected enterprise. Dated authentication approaches fall short on both security effectiveness and user experience.

Survey: 75 percent of companies have significant risk exposure

More than 400 security pros from companies of all sizes in 61 countries completed self-assessment tests against the NIST Cybersecurity Framework for RSA's Cybersecurity Poverty Index.

Mozilla updates Firefox bug bounty program

As part of its updated Firefox bug bounty program, Mozilla is offering increased rewards and payouts for bugs rated moderate in severity.

Researcher who found Hospira drug pump flaws says more models are vulnerable

Security researcher Billy Rios has verified that more Hospira infusion pumps are vulnerable to the same security issues, since they use "identical software."

Tesla bug bounty program offers rewards of up to $1,000

As far as vehicles and products are concerned, vulnerabilities must be reported directly to Tesla and will be assessed on a case-by-case basis.

Garage doors vulnerable to hacking from children's toy

Samy Kamkar, a security researcher, modified a discontinued children's toy to open up any garage door that uses a fixed code system.

'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected

TrapX published a report on "medical device hijack," or MEDJACK, which allows attackers to build backdoors into healthcare providers' networks.

Three Adobe Flash Player zero-days profiled in case study

Three Adobe Flash Player zero-day vulnerabilities discovered this year were distributed through exploit kits and used malvertising as their primary infection vector.

A break in the clouds: Best practices for solving cloud infrastructure challenges to traditional security

Everything is different in the cloud. Including security.
