Vulnerabilities & Flaws

All your vulnerabilities belong to us: The rise of the exploit

The growing impact of web exploits is not limited to the enterprise market and must be countered on an industry scale, says Pedro Bustamante.

Crash testing needed for the connected car

Technology and standards need to evolve to cope with the rise of the connected car, says Fred Kost.

WordPress and Drupal flaw hits 23% of world's websites

Up to 230 million websites, including the US White House and the UK's main government data site, are at risk from a denial of service flaw in their WordPress and Drupal content management systems. The two suppliers have rushed out a fix.

HeartBleed - further lessons

Further lessons from Heartbleed, beyond the hype, include caution when listening to advice such as resetting passwords, says Chris Russell.

Security researcher finds exploitable flaws in 14 antivirus engines

Joxean Koret, a security researcher at Singapore-based consultancy COSEINC, has found exploitable local and remote flaws in 14 of the 17 major antivirus (AV) engines used by most major AV manufacturers.

WordPress plugin flaw opens blogs up to cybercriminals

A WordPress plugin called MailPoet - which has been downloaded around 1.7 million times - has placed large numbers of WordPress-based websites at risk of incursion.

ICYMI: Google's Project Zero, ICO breach & sharing intel on critical infrastructure

This week's In Case You Missed It (ICYMI) column takes a look at Google's Project Zero, accusations of double standards at the ICO and the need to share intelligence on critical infrastructure.

Security vulnerabilities found on password managers

The wide spectrum of discovered vulnerabilities makes a single solution unlikely, according to a UC Berkeley report.

Hotel Hippo closes for good after data breach

UK-based travel booking website Hotel Hippo appears to have closed just one week after an independent security consultant found that the firm had weak security and privacy controls.

300,000 servers still vulnerable to Heartbleed bug

Two and a half months on from the discovery of the Heartbleed bug in OpenSSL, one security researcher claims that the flaw still affects 300,000 servers.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lay behind the Heartbleed bug.

Tweetdeck users warned on XSS vulnerability

A new XSS vulnerability in Tweetdeck, the popular social media management platform for Twitter, could allow hackers to execute JavaScript code and even steal user credentials.

Cookies flaw lets hackers steal WordPress accounts

A researcher at the Electronic Frontier Foundation (EFF) says that blogs hosted on WordPress can be hacked when connected to public Wi-Fi, even if two-factor authentication is employed.

HeartBleed - How we failed!

The speed of reaction to Heartbleed was not matched by the quality of response, says Russ Spitler, who calls for more and better education to effectively share knowledge that benefits us all.

Tens of thousands of servers *still* vulnerable to Heartbleed

Half of all servers affected by the global Heartbleed flaw remain unpatched - and it could be months before vulnerable systems are fixed, if ever.

Hyperlinks flaw in Dropbox and Box documents

Confidential records saved with cloud storage providers Dropbox and Box have been exposed, prompting one industry peer to say that it is 'beggars belief' that companies still rely on free file-sharing applications.

Winning strategies in cyber warfare

The adversary has enormous capabilities in the cyber world, but it too is not without its vulnerabilities, and these must be exploited, says Calum MacLeod.

Critical infrastructure put on 'Heartbleed Bug' alert

Critical infrastructure operators are now being alerted to the far-reaching impact of a critical OpenSSL flaw, dubbed the "Heartbleed Bug".

All Android devices believed hit by security flaw

A new class of security vulnerability that is "highly suspected" to affect all of the almost one billion Android devices in existence has been discovered by a research team from Indiana University and Microsoft.

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT) need to be considered now, before mass deployment.

162,000 reasons to tighten up WordPress security

"Cyber-criminals continue to innovate and find vulnerabilities to exploit for their criminal activity," says Lancope CTO Tim Keanini.

RSA 2014: The "double-edged sword" of disclosing software vulnerabilities

An interesting discussion at the RSA conference revealed that vendors often face a "double-edged sword" when tasked with disclosing software vulnerabilities.

Apple faces recriminations after finally fixing Mac bug

Apple Mac users can breathe a sigh of relief as the company has finally fixed a flaw that meant their personal details could be stolen while they were browsing online.

B-Sides SF: 'Sexism can be security vulnerability'

Security researcher - and white hat hacker - Raven Alder addressed sexism in the InfoSec world at the B-Sides San Francisco event on Monday, and said - perhaps surprisingly - that it can help and hinder attackers and defenders in equal measure.

B-Sides SF: 'You suck at your job'

"You suck at your job" was Michael Roytman's controversial opening line to the audience of white hat hackers at the B-Sides event run prior to RSA San Francisco.

'Chinese spies' launch new Adobe zero-day attack

A group of Chinese spies are believed to have resurfaced to attack vulnerable political and non-profit groups, after FireEye discovered them using a new zero-day Adobe exploit.

Serious RCE flaw discovered in Wiki architecture

A critical vulnerability has been discovered in the open source software architecture that drives Wikipedia and numerous other 'Wiki' information services.

Corporate Android users face flaw affecting billions of devices

Corporate Android mobile phone users are warned that potentially billions of apps running on these devices could be hijacked by attackers using a vulnerability first highlighted over two years ago.

Patch Tuesday update addresses 24 bugs, including exploited TIFF zero-day

Microsoft's Patch Tuesday update has been released, giving users a highly anticipated fix for a TIFF zero-day flaw and 23 other bugs affecting company software.

Russia prosecutes suspected BlackHole author and 12 cohorts

Russia's Ministry of Internal Affairs (MIA) has revealed that the author of the infamous BlackHole exploit kit is being prosecuted in the country.