Vulnerabilities & Flaws

Wiping the flaws: Why it's time to get smarter about patch management

Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.

Jetty web servers vulnerable to Heartbleed-style attacks

A critical flaw found on open-source Jetty HTTP web servers could - if left unpatched - lead to hackers hijacking internet sessions and stealing sensitive data.

18 of 25 top vulnerable mobile apps remain unpatched

The McAfee Labs Threats Report: February 2015 demonstrates how failure to patch is leaving mobile apps exposed to SSL vulnerabilities.

Under-fire Google tweaks bug disclosure policy

After stinging criticism from Microsoft and others over how and when it reported zero-day flaws, Google has changed its vulnerability disclosure policy.

Driverless vehicles and digital trust

Driverless cars put our lives rather than our data at risk, and cyber-security should therefore be a crucial component in design to deliver trust, says James Knotwell.

Visitors to Forbes news site hit by 'Chinese hackers'

Cyber-spy group exploited two Adobe and Internet Explorer zero-days to infect one of the world's most popular websites, say researchers.

Researcher discovers 'critical' new Adobe Flash zero-day

A widely-used exploit kit called 'Angler' has apparently been used to target a new zero-day affecting the latest versions of Adobe's Flash Player.

Islamic hackers exploit CMS flaws on 'thousands' of French websites

Tens of thousands of French websites have been hacked in the aftermath of last week's Charlie Hebdo terrorist attack, which left 20 people dead.

MWR goes on TV to demonstrate ad-based flaws on mobiles

MWR 'proves' ad flaws can be used to hijack mobile phones.

Grinch vulnerability could hit Linux systems

Security researchers uncover 'grinch' vulnerability that could affect all Linux systems.

Why the cloud wasn't 'Shellshocked' and how to prepare for the next vulnerability

Companies should reconsider cloud-security perceptions, says Pathik Patel, noting that recent software vulnerabilities such as Shellshock had less effect on cloud-based services than premises-based apps.

Microsoft report warns on outdated security software

Microsoft says outdated software can be almost as insecure as having no protection at all.

Apple fails to patch 'Masque' flaw now in hands of cyber-criminals

A flaw that affects nearly all Apple iOS devices - and which Apple has failed to patch despite knowing about it since July - is now being circulated among cyber-criminals and may have already led to attacks.

Defending online games from piracy, cheating and fraud

The video games industry generates billions in revenue, but only 20 percent achieve profit, due to cheats breaching security, hence the need for stricter implementation and enforcement of controls, say Amit Sethi and Rennie Allen.

WordPress: a new security flaw revealed

Updating of WordPress versions advised to avoid exposure to new vulnerability

Securing people: Protection in the age of IoT

The coming Internet of Things explosion is more than your firewall can cope with says Steven Rosen, advising companies to take additional measures to deal with new threats.

Bash flaw threatens hundreds of millions of servers

Systems admins are being warned of a decades-old bug that means hundreds of millions of systems - ranging from Unix/Linux web servers to possibly Apple devices and WiFi routers - can be easily hijacked.

42: The answer to life - and the latest Patch Tuesday number of updates

Microsoft has issued four bulletins covering a total of 42 vulnerabilities, 36 of which are rated critical.

Invite attacks to identify weaknesses

Intelligence-led third party red-teaming testers can identify the blind spots that in-house teams thought they had covered suggests Simon Saunders.

North Korean electro-magnetic pulse able to attack US via South Pole

North Korea more likely to attack than most nation states: 3,000 cyberwar hackers and counting...

IEEE looks to raise security standards among software developers

The Institute of Electrical and Electronics Engineers (IEEE) has formed a new advisory group with the private sector, and is already advising software developers to ensure that their applications are secure.

All your vulnerabilities belong to us: The rise of the exploit

The growing impact of web exploits isn't limited to the enterprise market and must be countered on an industry scale, says Pedro Bustamante.
