Vulnerabilities & Flaws

Why the cloud wasn't 'Shellshocked' and how to prepare for the next vulnerability

Companies should reconsider cloud-security perceptions, says Pathik Patel, noting that recent software vulnerabilities such as Shellshock had less effect on cloud-based services than premises-based apps.

Microsoft report warns on outdated security software

Microsoft says outdated software can be almost as insecure as having no protection at all.

Apple fails to patch 'Masque' flaw now in hands of cyber-criminals

A flaw that affects nearly all Apple iOS devices - and which Apple has failed to patch despite knowing about it since July - is now being circulated among cyber-criminals and may have already led to attacks.

Defending online games from piracy, cheating and fraud

The video games industry generates billions in revenue, but only 20 percent achieve profit, due to cheats breaching security; hence the need for stricter implementation and enforcement of controls, say Amit Sethi and Rennie Allen.

WordPress: a new security flaw revealed

Updating of WordPress versions advised to avoid exposure to new vulnerability

Securing people: Protection in the age of IoT

The coming Internet of Things explosion is more than your firewall can cope with, says Steven Rosen, advising companies to take additional measures to deal with new threats.

Bash flaw threatens hundreds of millions of servers

Systems admins are being warned of a decades-old bug that means hundreds of millions of systems - ranging from Unix/Linux web servers to possibly Apple devices and WiFi routers - can be easily hijacked.

42: The answer to life - and the latest Patch Tuesday number of updates

Microsoft has issued four bulletins covering a total of 42 vulnerabilities, 36 of which are rated critical.

Invite attacks to identify weaknesses

Intelligence-led third-party red-teaming testers can identify the blind spots that in-house teams thought they had covered, suggests Simon Saunders.

North Korean electro-magnetic pulse able to attack US via South Pole

North Korea more likely to attack than most nation states: 3,000 cyberwar hackers and counting...

IEEE looks to raise security standards among software developers

The Institute of Electrical and Electronics Engineers (IEEE) has formed a new advisory group with the private sector, and is already advising software developers to ensure that their applications are secure.

All your vulnerabilities belong to us: The rise of the exploit

The growing impact of web exploits isn't just limited to the enterprise market and must be countered on an industry-scale, says Pedro Bustamante.

Crash testing needed for the connected car

Technology and standards need to evolve to cope with the rise of the connected car, says Fred Kost.

WordPress and Drupal flaw hits 23% of world's websites

Up to 230 million websites, including the US White House and the UK's main government data site, are at risk from a denial of service flaw in their WordPress and Drupal content management systems. The two suppliers have rushed out a fix.

HeartBleed - further lessons

Further lessons from Heartbleed, beyond the hype, include caution when listening to advice, such as re-setting passwords, says Chris Russell.

Security researcher finds exploitable flaws in 14 antivirus engines

Joxean Koret, a security researcher at Singapore-based consultancy COSEINC, has found exploitable local and remote flaws in 14 of the 17 major antivirus (AV) engines used by most major AV manufacturers.

WordPress plugin flaw opens blogs up to cybercriminals

A WordPress plugin called MailPoet - which has been downloaded around 1.7 million times - has placed large numbers of WordPress-based websites at risk of incursion.

ICYMI: Google's Project Zero, ICO breach & sharing intel on critical infrastructure

This week's In Case You Missed It (ICYMI) column takes a look at Google's Project Zero, accusations of double-standards at the ICO and the need to share intelligence on critical infrastructure.

Security vulnerabilities found on password managers

The wide spectrum of discovered vulnerabilities makes a single solution unlikely - UC Berkeley report

Hotel Hippo closes for good after data breach

UK-based travel booking website Hotel Hippo appears to have closed just one week after an independent security consultant found that the firm had weak security and privacy controls.

300,000 servers still vulnerable to Heartbleed bug

Two-and-a-half months on from the discovery of the Heartbleed bug affecting OpenSSL security, and one security researcher claims that the flaw still affects 300,000 servers.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lie behind the Heartbleed bug.

Tweetdeck users warned on XSS vulnerability

A new XSS vulnerability in Tweetdeck, the popular social media management platform for Twitter, could allow hackers to execute JavaScript code and even steal user credentials.

Cookies flaw lets hackers steal WordPress accounts

A researcher at the Electronic Frontier Foundation (EFF) says that blogs hosted on WordPress can be hacked when connected to public Wi-Fi, even if two-factor authentication is employed.

HeartBleed - How we failed!

The speed of reaction to Heartbleed was not matched by the quality of response, says Russ Spitler, who calls for more and better education to effectively share knowledge that benefits us all.

Tens of thousands of servers *still* vulnerable to Heartbleed

Half of all servers affected by the global Heartbleed flaw remain unpatched - and it could be months before vulnerable systems are fixed, if ever.

Hyperlinks flaw in Dropbox and Box documents

Confidential records saved with cloud storage providers Dropbox and Box have been exposed, prompting one industry peer to say that it 'beggars belief' that companies still rely on free file-sharing applications.
