Vulnerabilities & Flaws

RSA 2015: Bug bounties - accepted but concerns remain

Bug bounties often get results more quickly than in-house teams and pen testers, but concerns remain that they may have unintended consequences.

ICYMI: SSL and Magento flaws, APT gangs & the breach blame game

This week's ICYMI column looks at the top stories on SC from the last week, from the breach blame game and Anonymous hackers to the discovery and patching of critical SSL and Magento flaws.

RSA: Thousands of Android apps found to be vulnerable

Vulnerability testing by CERT found that tens of thousands of Android apps are vulnerable, and no complete register of them exists because not all of the flaws are assigned a CVE.

15% of e-commerce sites hit by critical Magento RCE flaw

eBay's e-commerce platform Magento has a critical remote code execution (RCE) flaw, which attackers could use to remotely compromise up to 200,000 online stores and steal credit card details and personal information.

Apple fix for Mac Rootpipe backdoor "doesn't work"

Experts say botched patch leaves tens of millions of Mac OS X devices vulnerable to hijack.

Critical patch for flaw hitting all MS versions

This vulnerability, if left unpatched, affects every flavour of Windows that uses IIS version 6 or later to serve web sites.

Votes gone walkabout after Australian election voting flaw

With the UK general election only weeks away now, a security flaw has surfaced in the Australian state of New South Wales that may have left votes susceptible to interception and manipulation.

WordPress plug-ins open to attack

Researchers report that a new generation of vulnerabilities threatening WordPress users revolves around the various plug-ins for the blogging platform.

Hot and bothered air-gapped PCs open to Bitwhisper attack

Security researchers at Ben Gurion University in Israel have continued their examination of the security of air-gapped PCs, finding that two adjacent, already-infected machines can exchange data across the air gap using specially designed malware that encodes signals as tiny fluctuations in heat.

OpenSSL patches 'high severity' bug - but it's no Heartbleed

The OpenSSL group has patched numerous flaws with the release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, including a "high severity" bug which, fortunately, is not as serious as Heartbleed or POODLE.

Wi-Fi car updates pose security risk

Ford's announcement of software updates to its cars via Wi-Fi highlights security concerns about smart-car software.

BlackBerry turns sour over Freak vulnerability

Firm warns that operating systems, BlackBerry Messenger and Enterprise Server middleware are affected.

Google Apps flaw leaks personal details on domain holders

Thousands of domain name holders have had their personal details, including addresses and phone numbers, revealed on the internet, thanks to a software flaw that went unnoticed for two years.

Dropbox flaw fixed

Stuxnet flaw remained unpatched for four years

In its latest 'Patch Tuesday' notice, Microsoft issued 14 security bulletins, including fixes for the Freak flaw and for the flaw exploited by the Stuxnet worm, which was thought to have been patched five years ago.

'Freak' SSL flaw affects mobile browsers, thousands of websites

Security researchers have discovered the latest SSL/TLS vulnerability, which leaves around 12 percent of all websites open to man-in-the-middle (MITM) attacks and potential data loss.

Wiping the flaws: Why it's time to get smarter about patch management

Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.

Jetty web servers vulnerable to Heartbleed-style attacks

A critical flaw found on open-source Jetty HTTP web servers could - if left unpatched - lead to hackers hijacking internet sessions and stealing sensitive data.

18 of 25 top vulnerable mobile apps remain unpatched

The McAfee Labs Threats Report: February 2015 demonstrates how failure to patch is leaving mobile apps exposed to SSL vulnerabilities.

Under-fire Google tweaks bug disclosure policy

After stinging criticism from Microsoft and others over how and when it reported zero-day flaws, Google has changed its vulnerability disclosure policy.

Driverless vehicles and digital trust

Driverless cars put our lives rather than our data at risk, and cyber-security should therefore be a crucial component of their design in order to deliver trust, says James Knotwell.

Visitors to Forbes news site hit by 'Chinese hackers'

Cyber-spy group exploited two Adobe and Internet Explorer zero-days to infect one of the world's most popular websites, say researchers.
