Vulnerabilities & Flaws

Facebook bloggers reveal way to peek at private profiles

Dan Kaplan June 23, 2009

Two Facebook fans generated a load of free publicity for their new blog when, in their maiden post, they disclosed a vulnerability in the social-networking website that could enable outsiders to view parts of profiles that are set to private.
 

"Nine-Ball" mass injection attack compromised 40,000 sites

Angela Moscaritolo June 18, 2009

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites, which are, in turn, infecting users with an information-stealing Trojan, according to security vendor Websense.
 

Google responds to call for more security

Chuck Miller June 18, 2009

In response to an open letter from dozens of noted security analysts, Google this week said it intends to more broadly turn on security features in its Gmail application by default.
 

URL shortening site hacked to redirect millions of links

Chuck Miller June 17, 2009

The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.
 

Proof of concept released for Google Gmail CSRF flaw

Angela Moscaritolo March 06, 2009

A vulnerability in Google's Gmail that enables cross-site request forgery (CSRF) attacks has been recognised since 2007, but a proof-of-concept (PoC) was only released on Tuesday.
 

Microsoft says password stealers pose biggest threat

Angela Moscaritolo February 24, 2009

The top two threat families on Microsoft's detection and removal list this month are online game password stealers (PWS).
 

Researchers expect widespread exploit of Adobe PDF flaw

Dan Kaplan February 23, 2009

Attackers are actively exploiting a gaping zero-day hole in versions 9 and earlier of Adobe Acrobat and Reader, the company has warned.
 

Eight Microsoft fixes planned for Patch Tuesday

Dan Kaplan December 05, 2008

Microsoft plans to release eight patches on Tuesday - six for "critical" vulnerabilities - as part of its monthly security update.
 

Report: Nearly all computer users running insecure programs

Angela Moscaritolo December 04, 2008

Only two per cent of computer users are fully patched and the other 98 per cent are running at least one insecure, unpatched program, security firm Secunia said this week.
 

Worm exploiting Microsoft vulnerability developing into botnet

Angela Moscaritolo December 03, 2008

The "W32.Downadup" worm, which exploits the already-patched Microsoft Windows Server Service (MWSS) vulnerability, is the key component in a developing botnet, researchers at Trend Micro said this week.
 

Beware unauthorised web browsers, says Sophos

Joy Persaud August 07, 2008

Most network administrators want to secure their organisations from 'rogue' web browsers, according to IT firm Sophos.
 

Poorly implemented Citrix poses security risk

Joy Persaud August 06, 2008

Organisational security could be at risk if Citrix is not implemented carefully, according to tests carried out by Global Secure Systems (GSS).
 

X-Force at mid-year: Cybercriminals get faster

Sue Marquette Poremba July 31, 2008

Cybercriminals are adopting new automation techniques and improving on strategies that enable them to exploit vulnerabilities rapidly, a new study reveals.
 

Four fixes shipped for "critical" RealPlayer holes

Dan Kaplan July 29, 2008

RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.
 

Google Trends hacked again

Nick Farrell July 21, 2008

Search engine Google has had its Hot Trends system hacked for the second time in seven days.
 

As businesses weigh adoption, new iPhone plugs 13 flaws

Dan Kaplan July 14, 2008

The second version of the iPhone, released Friday, includes faster internet, GPS functionality and an application store — as well as 13 security fixes.
 

Sun and Apple offer security updates

Dan Kaplan July 11, 2008

Sun Microsystems has issued fixes for a number of vulnerabilities in its Java offerings, while six flaws in Apple TV were patched.
 

Attackers target zero-day Microsoft Word bug

Dan Kaplan July 10, 2008

Hours after releasing four patches as part of its monthly security update, Microsoft warned late Tuesday of a new, zero-day vulnerability in Word that is being actively exploited in targeted but limited attacks.
 

Multiple vendors cooperate to issue DNS design flaw fix

Dan Kaplan July 09, 2008

A massive domain name server (DNS) design vulnerability that could permit cache poisoning - effectively allowing an attacker to direct users to the website of his choosing - is set to be fixed by an unprecedented synchronized series of multivendor patches.
 

Mozilla set to develop risk model for software development

Dan Kaplan July 08, 2008

Mozilla is trying to refute the notion that the buggier the software, the less secure it is.
 

Steganography harnesses VoIP networks

Wojciech Mazurczyk and Krzysztof Szczypiorski July 04, 2008

Steganography is an established technique to hide secret data inside normal data transmissions, but new techniques are being developed to hide packets inside routine VoIP traffic and escape detection.
 

Steganography developers turn their attention to hiding information in VoIP

Richard Thurston July 04, 2008

The abundance of voice over IP equipment has led researchers to develop a range of techniques which, instead of hiding information in standard data traffic, allow individuals to hide information in VoIP streams.
 

Apple updates OS X to address security and performance issues

Richard Thurston July 01, 2008

OS X Leopard gets a new version as the Mac maker moves to improve reliability and squash a whole hatful of vulnerabilities.
 

Microsoft presses deeper into security space

Richard Thurston June 30, 2008

The software giant is spearheading its second global security initiative in a week, this time aiming to co-ordinate security response systems with other vendors.
 

Researchers reveal trio of VoIP vulnerabilities

Sue Marquette Poremba, Richard Thurston June 30, 2008

A security testing company has unearthed a range of vulnerabilities affecting many of the most popular IP telephony platforms; Avaya, Cisco and Nortel have issued advisories.
 

Poynter review: HMRC has radically reduced security risks

Richard Thurston June 26, 2008

PwC chairman Kieran Poynter, the man tasked with investigating what happened in the catastrophic HMRC data breach, has revealed that significant progress has been made since the disastrous information leakage last October.
 

Oyster card hackers may have their research blocked

Richard Thurston June 26, 2008

Two Dutch academics who came to London last week to prove they could break the cipher behind London's Oyster travel card have been warned by the country's Government not to expose any secrets in their upcoming paper on the subject.
 

Poynter Review, IPCC severely criticise HMRC over data breach

Richard Thurston June 25, 2008

Two separate reports into the data leakage of 25 million records from Revenue & Customs last year have widely condemned data security procedures in the Government department.
 

Vulnerability in Adobe Acrobat leads to public exploit

Dan Kaplan June 25, 2008

Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that is already being exploited in the wild.
 

Dutch academics hack Oyster card

Richard Thurston June 24, 2008

Security lecturers from a leading Netherlands university travelled to London last week to crack the Oyster smart card, clone it and get a free day's travel, while they pursue an open source alternative.
 

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions