Vulnerabilities & Flaws
A new report into the ethics of security professionals reveals some eye-opening findings on hidden data breaches, and how incidents are being used to push for bigger budgets.
Older operating systems are considerably more vulnerable, and their users put themselves at greater risk of security breaches, says the latest Microsoft Security Intelligence Report.
The latest ICYMI column looks at the latest WordPress XSS flaw, costly data breaches and the return of the controversial "Snooper's Charter".
Anyone reading the news headlines on the Venom flaw over the last 24 hours might be forgiven for thinking that the sky, or at least the cloud, is falling down.
WordPress rushes out security update to fix flaw
Ben Harknet says security teams need to develop an effective external threat management programme as a core component of their overall security capability to deal with broken SSL certificates and third party app vulnerabilities.
Bug bounties often get results quicker than in-house teams and pen testers - but concerns remain that there may be unintended consequences.
This week's ICYMI column looks at the top stories on SC from the last week, from the breach blame game and Anonymous hackers to the discovery and patching of critical SSL and Magento flaws.
Vulnerability testing by CERT found tens of thousands of Android apps are vulnerable, and no full register exists as they don't all get a CVE assigned.
eBay's e-commerce platform Magento has a critical remote code execution (RCE) flaw, which could be used by hackers to remotely compromise up to 200,000 online stores in order to steal credit card details and personal information.
Experts say botched patch leaves tens of millions of Mac OS X devices vulnerable to hijack.
This vulnerability, if left unpatched, affects every flavour of Windows utilising the IIS services version 6+ to support web sites.
With the UK general election only weeks away now, a security flaw has surfaced in the Australian state of New South Wales that may have left votes susceptible to interception and manipulation.
A new generation of vulnerabilities that threaten WordPress users revolves around various plugins for the blogging platform, researchers report.
Security researchers at Ben Gurion University in Israel have continued their examination of security on air-gapped PCs, finding that they can be compromised using specially-designed malware measuring tiny fluctuations in heat.
The OpenSSL group has patched numerous flaws with the release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf, including a "high severity" bug which, fortunately, is not as serious as Heartbleed or Poodle.
Ford's announcement of software updates to its cars via WiFi highlights security concerns about Smart Car software.
Firm warns that operating systems, BlackBerry Messenger and Enterprise Server middleware are affected.
Thousands of domain name holders have had their personal details, including addresses and phone numbers, revealed on the internet, thanks to a software flaw that went unnoticed for two years.
In its latest 'Patch Tuesday' notice, Microsoft issued 14 security bulletins including fixes for the Freak flaw and the Stuxnet worm - which was thought to have been patched five years ago.
SC Magazine UK Articles
- Scone: Bettys Tea Shop loses 122,000 customer records in data breach
- Update: GCHQ and police hackers protected by revised Computer Misuse Act
- UK web admin tool infected to access 'gold mine' of data
- Adult Friend Finder breach exposes millions of users
- 'Burnt-out' security pros hide breaches, demand bigger budgets