This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Vulnerabilities & Flaws

Winning strategies in cyber warfare

Winning strategies in cyber warfare

The adversary has enormous capabilities in the cyber world, but it too is not without its vulnerabilities, and these must be exploited says Calum MacLeod.

Critical infrastructure put on 'Heartbleed Bug' alert

Critical infrastructure put on 'Heartbleed Bug' alert

By

Critical infrastructure operators are now being alerted to the far reaching impact of a critical OpenSSL flaw, dubbed the "Heartbleed Bug."

All Android devices believed hit by security flaw

All Android devices believed hit by security flaw

By

A new class of security vulnerability that is "highly suspected" to affect all of the almost one billion Android devices in existence has been discovered by a research team from Indiana University and Microsoft.

Internet of Things - Top Ten concerns

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT), need to be considered now, before mass deployment.

162,000 reasons to tighten up WordPress security

162,000 reasons to tighten up WordPress security

By

"Cyber-criminals continue to innovate and find vulnerabilities to exploit for their criminal activity" says Lancope CTO Tim Keanini.

RSA 2014: The "double-edged sword" of disclosing software vulnerabilities

RSA 2014: The "double-edged sword" of disclosing software vulnerabilities

By

An interesting discussion at the RSA conference revealed that vendors often face a "double-edged sword" when tasked with disclosing software vulnerabilities.

Apple faces recriminations after finally fixing Mac bug

Apple faces recriminations after finally fixing Mac bug

By

Apple Mac users can breathe a sigh of relief as the company has finally fixed a flaw that meant their personal details could be stolen while they were browsing online.

B-Sides SF: 'Sexism can be security vulnerability'

B-Sides SF: 'Sexism can be security vulnerability'

By

Security researcher - and white hat hacker - Raven Alder addressed sexism in the InfoSec world at the B-Sides San Francisco event on Monday, and said - perhaps surprisingly - that it can help and hinder attackers and defenders in equal measure.

B-Sides SF: 'You suck at your job'

B-Sides SF: 'You suck at your job'

By

"You suck at your job" was the Michael Roytman's controversial opening line to the audience of white hat hackers at the B-Sides event run prior to RSA San Francisco.

'Chinese spies' launch new Adobe zero-day attack

'Chinese spies' launch new Adobe zero-day attack

By

A group of Chinese spies are believed to have resurfaced to attack vulnerable political and non-profit groups, after FireEye discovered them using a new zero-day Adobe exploit.

Serious RCE flaw discovered in Wiki architecture

Serious RCE flaw discovered in Wiki architecture

By

A critical vulnerability has been discovered in the open source software architecture that drives Wikipedia and numerous other `Wiki' information services.

Corporate Android users face flaw affecting billions of devices

Corporate Android users face flaw affecting billions of devices

By

Corporate Android mobile phone users are warned that potentially billions of apps running on these devices could be hijacked by attackers using a vulnerability first highlighted over two years ago.

Patch Tuesday update addresses 24 bugs, including exploited TIFF zero-day

Patch Tuesday update addresses 24 bugs, including exploited TIFF zero-day

By

Microsoft's Patch Tuesday update has been released, giving users a highly anticipated fix for a TIFF zero-day flaw and 23 other bugs affecting company software.

Russia prosecutes suspected BlackHole author and 12 cohorts

Russia prosecutes suspected BlackHole author and 12 cohorts

By

Russia's Ministry of Internal Affairs (MIA) has revealed that the author of the infamous BlackHole exploit kit is being prosecuted in the country.

Microsoft releases five patches with one critical fix for Internet Explorer

Microsoft releases five patches with one critical fix for Internet Explorer

By

Microsoft released five bulletins on its June Patch Tuesday, fixing one critical vulnerability in Internet Explorer.

Oracle makes plans for Java security

Oracle makes plans for Java security

By

Oracle has said that making Java more secure is a priority, as it lines up regular patch updates.

Secunia apologises over vulnerabilty disclosure on mailing list

By

Vulnerability management firm Secunia has apologised after an undisclosed vulnerability was sent to a public emailing list.

Patch Tuesday sees zero-days in Internet Explorer and Adobe products fixed

Patch Tuesday sees zero-days in Internet Explorer and Adobe products fixed

By

Microsoft released ten bulletins yesterday fixing 33 vulnerabilities, including the zero-day in Internet Explorer 8.

Microsoft recalls patch after blue screen reports

Microsoft recalls patch after blue screen reports

By

Microsoft has acknowledged problems caused by a patch released this week that can cause system errors.

Microsoft releases nine bulletins, but no Pwn2Own fixes

Microsoft releases nine bulletins, but no Pwn2Own fixes

By

Microsoft issued nine bulletins to fix 14 vulnerabilities this week; however it left several known flaws unpatched.

GCHQ establishes vulnerability detection research group

GCHQ establishes vulnerability detection research group

By

GCHQ has announced that it is to open an academic research institute that will seek vulnerabilities in software.

Malware on servers takes down National Institute of Standards and Technology's National Vulnerability Database

By

The National Vulnerability Database has been offline for almost a week after malware was discovered on two servers.

Microsoft issues seven bulletins for Patch Tuesday, but nothing for Pwn2Own vulnerability

Microsoft issues seven bulletins for Patch Tuesday, but nothing for Pwn2Own vulnerability

By

Microsoft released seven bulletins last night, containing four patches rated as critical, to fix 20 vulnerabilities.

Twenty-five years of vulnerabilities - don't believe the modern hype

Twenty-five years of vulnerabilities - don't believe the modern hype

By

Vulnerabilities and flaws are a part of everyday security it seems, especially with the same software constantly affected by zero-days.

Microsoft to release four critical patches among seven fixes next week

Microsoft to release four critical patches among seven fixes next week

By

Microsoft is to release seven bulletins on next week's Patch Tuesday, four of which are rated as critical.

Browsers and software broken down at Pwn2Own

By

Web browsers Google Chrome, Internet Explorer and Firefox, along with Windows 8 and Java, have been exploited in the Pwn2Own hacking contest in Canada today.

Evernote - a story that has combined all security trends?

Evernote - a story that has combined all security trends?

By

The attack on Evernote that was reported last weekend could be deemed to be a new stage in the battle of man v password.

Google patches Chrome ahead of Pwnium and Pwn2Own contests

Google patches Chrome ahead of Pwnium and Pwn2Own contests

By

Google has patched ten vulnerabilities in its Chrome browser ahead of the annual 'pwn2own' hacking contest today.

Adobe releases patches for zero-day flaws in Reader and Acrobat

Adobe releases patches for zero-day flaws in Reader and Acrobat

By

Adobe has released patches for zero-day flaws in its Reader and Acrobat products.

Microsoft fixes 57 vulnerabilities on Patch Tuesday

Microsoft fixes 57 vulnerabilities on Patch Tuesday

By

Microsoft released 12 bulletins, five of which were rated as critical, to address 57 vulnerabilities on Patch Tuesday.

Newsletters