Persistence pays off as security researcher nets bug bounty for unearthing an access control bypass allowing attackers to reset passwords if they know the usernames.
Google's Project Zero unveiled an Android hacking contest that aims to discover flaws on the Nexus 6P and 5X devices.
Developers wrong to choose simplicity over security
The latest In Case You Missed It (ICYMI) looks at SC Awards winners; flawed app in Lenovo; TeamViewer potential flaw; ex-staff with access; ransomware rise continues.
WhiteHat Security's vice president, Ryan O'Leary, says "security has to come from within", explaining that "no vendor will be able to help you if you don't secure your software or web application from the get-go."
Security researchers have discovered 1,418 flaws in outdated medical equipment still in use by some healthcare providers.
A critical authentication bug has been discovered in Advantech's EKI series of Modbus-to-TCP/IP gateways.
A bug bounty programme will be launched later this year by the Tor Project to help steer security researchers to report issues that they find in software in a responsible manner.
Another emergency patch to guard against exploits in the wild
Encryption flaws can be found in over 80 percent of mobile devices, and applications written in the scripting languages PHP, ColdFusion and Classic ASP are more prone to having serious flaws.
Node.js admits to two critical security flaws but delays patching
Dangerous vulnerabilities have been discovered in network-connected alarm systems by British penetration tester, Andrew Tierney.
The modem flaw could have enabled hackers to take over PCs and launch DoS attacks
Vulnerability could have allowed hackers to siphon off data from Firefox servers
Flaw hits all versions of Windows; infects when USB peripheral is mounted
A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.
The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.
This week's ICYMI column looks at Tor sniffing, old-school router attacks and the fallout from the Hacking Team data breach.
LG appears to have changed its mind about patching a security flaw in its Android smart phones which was discovered by security researchers last year.
Security industry calls on organisations to ditch vulnerable browser plug-in as yet another zero-day flaw hits Flash
Fresh from paying out US$1.5 million (£960,000) to security researchers who found bugs in the Chrome browser and other products last year, Google is expanding its bounty rewards programme to include its Android operating system and devices running on it.
This week's ICYMI column looks at a tea shop data breach, analysis on the Venom flaw and concerns over 'burnt-out' security professionals.
Researchers say the new 'LogJam' encryption flaw could be used by attackers to downgrade Transport Layer Security (TLS) connections to 512-bit export-grade cryptography, to crack that connection and read any data being transmitted. The flaw affects thousands of web and email servers, as well as VPNs.