Tests conducted using automated tools and various black-, gray-, and white-box methods on 23 web applications revealed that attackers could obtain personal data from 44 percent of applications handling that information.
In the wake of June 2018 Patch Tuesday, alerts and patches were issued for another speculative execution vulnerability affecting Intel, a git issue with Apple and a flaw in the BIND open-source DNS software.
The developers of third-party security products for Macs are issuing patches after researchers realized their software was not properly interacting with Apple's code-signing API. Without the patch, attackers can craft malicious files capable of bypassing the code-signing process, making it look like their code is legit software approved by Apple.
Foscam home security issued an update for its home security systems after researchers found several vulnerabilities which, if combined, could allow an attacker to gain root access to the cameras (via LAN or internet).
Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled -- a dangerous default setting that enables potential adversaries to connect to these devices.
The Mozilla Foundation Security has released an advisory to patch critical vulnerabilities in Firefox and Firefox ESR products which could allow a remote attacker to take control of an affected system.
Positive Technologies has elaborated on a critical remote code execution vulnerability its researchers discovered in the web interface of Cisco's Access Control Server (ACS), reporting that the bug can be leveraged to perform man-in-the-middle attacks, steal credentials, access network resources and intercept traffic.
Adobe Systems today issued patches for four software vulnerabilities in Flash Player, including a zero-day flaw that attackers have been exploiting in the wild in targeted attacks against Windows users in the Middle East, possibly in Qatar.
Cisco Systems yesterday issued 28 security updates that patch vulnerabilities found in a variety of products, including two critical bugs that were assigned a CVSS (Common Vulnerability Scoring System) base score of 9.8.
A survey of 2.5 million domains looked for publicly exposed configurations, found 9,637 exposed organizations, then used a random sample of 171 public organizations to determine that nearly 3,000 domains were leaking sensitive data.
The company didn't specify whether or not user information has been compromised but did acknowledge the incident in a tweet.
Major vulnerabilities in the EOS blockchain and smart contracts platform may push back the Mainnet launch scheduled for June 2.
The DTS challenge is part of the Defense Department's Hack the Pentagon bug bounty program.
Vulnerability patched in Git source code versioning software. Security researchers have discovered a number of flaws in Git that could have enabled hackers to run remote code on a victim's PC.
Several German researchers have shown a proof of concept attack indicating virtual machines using AMD's secure encrypted virtualization (SEV) are susceptible to being hacked.
More than 1,000 owners of Wi-Fi routers were left exposed to potential cyber-attacks after Singapore Telecommunications Limited forgot to secure port 10000 in its Wi-Fi gigabit router devices.
Google on Tuesday released version 67.0.3396.62 of the Google Chrome operating system for Windows, Mac and Linux to its stable channel, in the process solving 24 vulnerabilities and introducing its "Site Isolation" security feature to additional users.
Open Bug Bounty has added a new free service that will allow organizations to create their own bug bounty program.
Schneider Electric patched a vulnerability (CVE-2018-7783) in its SoMachine Basic that could result in the disclosure or retrieval of data during an out-of-band attack.
The secret lives of pets -- and their owners -- may not be so secret anymore if attackers take advantage of the dozen vulnerabilities that researchers recently observed while analyzing smart devices used to track animals and their activity.
While banks have built effective barriers for external attacks, researchers warn they have not done nearly as much work to fight threats on their internal networks.
The next-generation of Spectre speculative execution vulnerabilities in CPUs from AMD, ARM, and Intel has arrived in the form of Variants 3a and 4, following highly anticipated public disclosures from Google's Project Zero and Microsoft Corporation [1, 2].
Google is looking into the possibility of requiring device manufacturers to regularly patch their devices, by incorporating such a provision into future OEM agreements, Google head of Android security David Kleidermacher announced in a presentation at the Google I/O Developer Conference last week.
Joshua Adam Schulte has not yet been charged with leaking classified information but is being held in the Metropolitan Correctional Center in New York after being indicted for possession of child pornography.
Cryptominers targeting Oracle's patched WebLogic vulnerability from 2017 have caused a spike in malicious traffic targeting Port 7001.
Mexican authorities are investigating a suspected bank hack that siphoned hundreds of millions of pesos out of at least five banks.
After patching a confusion flaw in Flash last week, Adobe announced new security updates for Adobe Acrobat and Reader for Windows and MacOS.