Bugs News, Articles and Updates

How safe are apps built on Open Source? Is security traded for efficiency?

Many enterprises are embracing Open source software (OSS) at a fast pace, but do such software solutions match up against enterprises' internal applications when it comes to security, robustness, maintainability, and efficiency?

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and several core apps, as well as security enhancements for two older OS offerings.

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix an array of vulnerabilities, including high-impact bugs in its Unified Customer Voice Portal (CVP), its NX-OS Software, and its Email Security Appliance (ESA).

Experts: Fixing Spectre and Meltdown has required 'new computer science'

A Google official on Thursday referred to the Spectre and Meltdown computer chip bugs as "the most challenging and hardest to fix in a decade," requiring unprecedented levels of cooperation.

Google bug tracker service flaw allowed access to new vulnerability reports

A private website Google used to track bugs in its own products was discovered to have its own set of flaws that could have exposed sensitive vulnerability reports - now fixed.

Apple kills bugs in iCloud for Windows, macOS High Sierra, macOS Server

Apple has issued security updates for its macOS operating system, macOS Server, and iCloud for Windows products, fixing 67 vulnerabilities.

Throw your backdoored D-Link router in the bin, urges security researcher

Slew of bugs and backdoors means device is unsafe to use

Google launches Android bug bounty programme

Fresh from paying out US$ 1.5 million (£960,000) to security researchers who found bugs in the Chrome browser and other products last year, Google is expanding its bounty rewards programme so to include its Android operating system and devices running on it.

RSA 2015: Bug bounties - accepted but concerns remain

Bug bounties often get results quicker than in-house teams and pen testers - but concerns remain that there may be unintended consequences.

Security researcher wins £6,000 after finding critical PayPal flaw

Egyptian cyber-security researcher Yasser Ali has won US$ 10,000 (£6,384.28) in a bug bounty after finding a flaw in the PayPal global payment system that would allow any of its 150 million-plus customer accounts to be hijacked with a single click.

Poodle flaw opens encrypted web traffic to attack

Systems admins are being warned of a newly discovered 'industry-wide' bug dubbed 'Poodle' that allows attackers to decode encrypted traffic running over the internet.

Bash flaw threatens hundreds of millions of servers

Systems admins are being warned of a decades-old bug that means hundreds of millions of systems - ranging from Unix/Linux web servers to possibly Apple devices and WiFi routers - can be easily hijacked.

Teenage Aussie hacker reveals PayPal flaw

17-year-old hacker divides industry opinion by going public before PayPal fixes problem.

Portcullis shuts down Sophos antivirus bug

UK-based security services firm Portcullis has discovered a flaw in Sophos Antivirus that could allow attackers to inject malicious code and disable the software.

Microsoft still hasn't fixed US$100,000 bounty bug

Some eight months after discovery and paying a bug bounty of US100,000, Microsoft Windows remains vulnerable to the weakness found by James Forshaw.

NSA denies exploiting Heartbleed bug for surveillance

The National Security Agency (NSA) has dismissed reports that it has been exploiting the Heartbleed vulnerability to carry out internet surveillance.

Cyber attacks are targeting Heartbleed flaw, says US CERT

As the latest major security bug prompts cyber-crime and phishing attacks, experts advise on changing passwords and what CISOs can do.

Apple's iOS 7.1 fixes 41 bugs, including Webkit flaws

Apple's latest mobile operating system, iOS 7.1, was released on Monday, bringing updates for 41 bugs plaguing users.

Criminals use new zero-day bug to 'target military and defence'

Security researchers have uncovered a new Internet Explorer zero-day bug that they believe has been used to target the US military and French arms suppliers in what's feared to be the start of a cyber espionage campaign.

Wickr lays down US$ 100,000 bounty challenge to hackers

Secure messaging app provider Wickr has joined the top echelon of software developers by launching a bug bounty programme that offers up to US $100,000 for hackers who can find flaws in its software.

Patch Tuesday update addresses 24 bugs, including exploited TIFF zero-day

Microsoft's Patch Tuesday update has been released, giving users a highly anticipated fix for a TIFF zero-day flaw and 23 other bugs affecting company software.

Google fixes 50 security flaws in new version of Chrome

Google has launched a new version of its Chrome web browser which includes 50 security fixes. Chrome has more than 750 million active users worldwide and rivals Internet Explorer as the world's most popular web browser.