Vulnerabilities & Flaws
"Quicksand" sandbox vulnerability could enable rogue apps
Cross-Site Scripting (XSS) vulnerability within a Salesforce subdomain now patched
Hackers could subvert Windows Update to install malware in organisations
APT actors are using a China-based VPN provider to hide their digital tracks and mask their identities.
UK charity CALM says that its website was hacked and defaced on July 24th, in an attack that has been described as 'motiveless' and 'senseless'.
A single packet could leave the internet in a bind, warn experts.
Windows 10 launched today, but security questions were immediately raised within the industry about some aspects and features of the new operating system.
A zero-day flaw in Apple's online AppStore and iTunes store reportedly allows attackers to hijack users' purchasing sessions, buy and download any app or movie they want, then charge it to the original user.
Successfully exploiting the vulnerabilities could allow an attacker to spy on users, or even completely take over the device.
After a demo of a Jeep hack in the US, 1.4 million of the vehicles have been recalled, and DAB presents another attack vector, according to NCC researchers.
This week's ICYMI column looks at the most-read stories on SC this week, including our investigation on VFS Global, the UK government's attitude towards encryption and the continuing fall-out from the Ashley Madison hack.
A flaw in OpenSSH could let attackers bypass limits imposed on password login attempts, to launch brute force attacks and steal credentials.
The OpenSSL vulnerability revealed a couple of weeks ago is "no Heartbleed" according to security experts but that's not to diminish the seriousness of the flaw.
This week's ICYMI column looks at Tor sniffing, old-school router attacks and the fallout from the Hacking Team data breach.
A new credit card-stealing attack is underway on the eBay Magento e-commerce platform, which is used by more than 240,000 businesses worldwide.
Security industry calls on organisations to ditch vulnerable browser plug-in as yet another zero-day flaw hits Flash.
Researchers at NowSecure have uncovered a vulnerability in the stock keyboard that is pre-installed on 600 million Samsung devices, including the new Galaxy S6, that can apparently enable a remote arbitrary code execution attack.
Fresh from paying out US$1.5 million (£960,000) to security researchers who found bugs in the Chrome browser and other products last year, Google is expanding its bounty rewards programme to include its Android operating system and devices running on it.
German security researcher Maxim Rupp has discovered numerous security flaws in solar lighting systems and wind turbines which, if maliciously exploited by an attacker, could result in disruption to energy supplies.
Old malware variants, the Zeus Trojan and the Conficker computer worm, remain a huge problem for most UK companies, according to CERT-UK's first annual report.