Vulnerabilities & Flaws

Microsoft to deliver 13 security patches for 26 bugs

Dan Kaplan February 08, 2010

After a quiet January Patch Tuesday that saw only one security update, Microsoft is back with a vengeance this month.
 

IIS issue not a new vulnerability, says Microsoft

Dan Kaplan January 04, 2010

Microsoft has shot down reports that its Internet Information Services (IIS) suffers from a vulnerability, saying that customers only need to worry if they are running a nondefault configuration of the web server.
 

Encryption protecting most mobile phones cracked

Angela Moscaritolo January 04, 2010

Computer security researchers say they have cracked the encryption algorithm used to protect most cell phone communications, potentially allowing attackers to listen in on the calls of billions of individuals.
 

Microsoft patch batch includes fix for zero-day IE flaw

Dan Kaplan December 09, 2009

Microsoft delivered its monthly security update on Tuesday to rectify 12 vulnerabilities, five of which are present in Internet Explorer (IE) and comprise the most pressing patch to deploy.
 

Researcher demonstrates Pentagon XSS vulnerability

Dan Kaplan December 09, 2009

A months-old cross-site scripting (XSS) vulnerability affecting the website for the Pentagon was brought to light again this week when a researcher posted two attack scenarios.
 

Facebook bloggers reveal way to peek at private profiles

Dan Kaplan June 23, 2009

Two Facebook fans generated a load of free publicity for their new blog when, in their maiden post, they disclosed a vulnerability in the social-networking website that could enable outsiders to view parts of profiles that are set to private.
 

"Nine-Ball" mass injection attack compromised 40,000 sites

Angela Moscaritolo June 18, 2009

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites, which are, in turn, infecting users with an information-stealing Trojan, according to security vendor Websense.
 

Google responds to call for more security

Chuck Miller June 18, 2009

In response to an open letter from dozens of noted security analysts, Google this week said it intends to more broadly turn on security features in its Gmail application by default.
 

URL shortening site hacked to redirect millions of links

Chuck Miller June 17, 2009

The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.
 

Proof of concept released for Google Gmail CSRF flaw

Angela Moscaritolo March 06, 2009

A vulnerability in Google's Gmail that enables cross-site request forgery (CSRF) attacks has been recognised since 2007, but a proof-of-concept (PoC) was only released on Tuesday.
 

Microsoft says password stealers pose biggest threat

Angela Moscaritolo February 24, 2009

The top two threat families on Microsoft's detection and removal list this month are online game password stealers (PWS).
 

Researchers expect widespread exploit of Adobe PDF flaw

Dan Kaplan February 23, 2009

Attackers are actively exploiting a gaping zero-day hole in versions 9 and earlier of Adobe Acrobat and Reader, the company has warned.
 

Eight Microsoft fixes planned for Patch Tuesday

Dan Kaplan December 05, 2008

Microsoft plans to release eight patches on Tuesday - six for "critical" vulnerabilities - as part of its monthly security update.
 

Report: Nearly all computer users running insecure programs

Angela Moscaritolo December 04, 2008

Only two per cent of computer users are fully patched and the other 98 per cent are running at least one insecure, unpatched program, security firm Secunia said this week.
 

Worm exploiting Microsoft vulnerability developing into botnet

Angela Moscaritolo December 03, 2008

The "W32.Downadup" worm, which exploits the already-patched Microsoft Windows Server Service (MWSS) vulnerability, is the key component in a developing botnet, researchers at Trend Micro said this week.
 

Beware unauthorised web browsers, says Sophos

Joy Persaud August 07, 2008

Most network administrators want to secure their organisations from 'rogue' web browsers, according to IT firm Sophos.
 

Poorly implemented Citrix poses security risk

Joy Persaud August 06, 2008

Organisational security could be at risk if Citrix is not implemented carefully, according to tests carried out by Global Secure Systems (GSS).
 

X-Force at mid-year: Cybercriminals get faster

Sue Marquette Poremba July 31, 2008

Cybercriminals are adopting new automation techniques and improving on strategies that enable them to exploit vulnerabilities rapidly, a new study reveals.
 

Four fixes shipped for "critical" RealPlayer holes

Dan Kaplan July 29, 2008

RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.
 

Google Trends hacked again

Nick Farrell July 21, 2008

Search engine Google has had its Hot Trends system hacked for the second time in seven days.
 

As businesses weigh adoption, new iPhone plugs 13 flaws

Dan Kaplan July 14, 2008

The second version of the iPhone, released Friday, includes faster internet, GPS functionality and an application store — as well as 13 security fixes.
 

Sun and Apple offer security updates

Dan Kaplan July 11, 2008

Sun Microsystems has issued fixes for a number of vulnerabilities in its Java offerings, while six flaws in Apple TV were patched.
 

Attackers target zero-day Microsoft Word bug

Dan Kaplan July 10, 2008

Hours after releasing four patches as part of its monthly security update, Microsoft warned late Tuesday of a new, zero-day vulnerability in Word that is being actively exploited in targeted but limited attacks.
 

Multiple vendors cooperate to issue DNS design flaw fix

Dan Kaplan July 09, 2008

A massive domain name server (DNS) design vulnerability that could permit cache poisoning - effectively allowing an attacker to direct users to the website of his choosing - is set to be fixed by an unprecedented synchronized series of multivendor patches.
 

Mozilla set to develop risk model for software development

Dan Kaplan July 08, 2008

Mozilla is trying to refute the notion that the buggier the software, the less secure it is.
 

Steganography harnesses VoIP networks

Wojciech Mazurczyk and Krzysztof Szczypiorski July 04, 2008

Steganography is an established technique to hide secret data inside normal data transmissions, but new techniques are being developed to hide packets inside routine VoIP traffic and escape detection.
 

Steganography developers turn their attention to hiding information in VoIP

Richard Thurston July 04, 2008

The abundance of voice over IP equipment has led researchers to develop a range of techniques which, instead of hiding information in standard data traffic, will allow individuals to hide information in VoIP streams.
 

Apple updates OS X to address security and performance issues

Richard Thurston July 01, 2008

OS X Leopard gets a new version as the Mac maker moves to improve reliability and squash a whole hatful of vulnerabilities.
 

Microsoft presses deeper into security space

Richard Thurston June 30, 2008

The software giant is spearheading its second global security initiative in a week, this time aiming to co-ordinate security response systems with other vendors.
 

Researchers reveal trio of VoIP vulnerabilities

Sue Marquette Poremba, Richard Thurston June 30, 2008

A security testing company has unearthed a range of vulnerabilities affecting many of the most popular IP telephony platforms; Avaya, Cisco and Nortel have issued advisories.
 

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions