Vulnerabilities in the group communication protocols of three encrypted messaging apps - WhatsApp, Signal, and Threema - could allow attackers to willfully subvert their integrity and confidentiality.
The latest research suggests, within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested.
Microsoft has said it will continue to support and not remove DDE as an Office document feature despite its acting as a highly effective exploit method for cyber-criminals.
Almost all iPhones and Macs are at risk from Spectre chip security flaw according to industry reports.
API vulnerabilities are the sleeping giant of our technology-led world. The threats posed by an exposed API are significant, yet, they remain the most overlooked threat to information security today says Jason Macy
VMware on Tuesday patched a series of vulnerabilities in its ESXI, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.
A cloud-based data repository belonging to Alteryx, has publicly exposed datasets from the data analytics firm's partner Experian and the US Census Bureau containing sensitive personal information on 123 million Americans.
Hiring a white hat hacker to find your system vulnerabilities and fix them, before the bad guys find and exploit them is a recommended method of strengthening defences says Krishna Rungta.
A recent survey showed that surprisingly, a large percentage of retailers still have no data breach response plan in place.
New Doppelganging attack process memory attack methodology not only defeats market-leading security products but breathes new life into old threats at the same time.
Vulnerability could enable hackers to carry out MitM attacks on bank apps - 10 million users at risk
A collection of vulnerabilities dubbed Mailsploit, found by German security researcher Sabri Haddouche in 30 types of email client applications - from Apple Mail to Mozilla Thunderbird - lets hackers bypass anti-spoofing mechanisms.
Researchers with ClearSky Cyber Security believe with medium-level confidence that they've linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking HBO.
Bindecy security researchers identified a flaw in the original patch code of the Dirty Cow vulnerability which could ultimately lead to a privilege escalation attack.
Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recoding Format Players to address vulnerabilities.
Firefox is testing out a warning system that will notify users when they visit breached sites and offer the option to be notified if a site they previously visited becomes breached in the future.
Some IoT devices have no update capability whatsoever so it's important to focus more on software security; developed using best practices, tested for vulnerabilities, and able to ensure the authenticity and integrity of updates.
A day after a developer revealed a root access flaw in macOS High Sierra version 10.13.1, Apple released an emergency patch, which it plans to push out today.
The Open Web Application Security Project (OWASP) has just updated the top ten list of web app vulnerabilities for the first time since 2013. Not much has actually changed.
Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac.
Intel researchers identified an elevation of privilege exploits in various product families which could enable a system crash or system instability, among other issues.
US CERT has issued a warning on a vulnerability in Windows' Address Space Layout Randomisation (ASLR) that affects Windows 8, Windows 8.1, and Windows 10 which could allow an attacker to take control of an affected system.
Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years.
Security researchers have warned over multiple flaws in Libxls that could result in remote code execution using specially crafted XLS files.
Oracle Corporation issued a series of emergency patches on Tuesday last week, fixing five vulnerabilities in its Tuxedo middleware platform, including a critical one that has been compared to Heartbleed.
"Post-mortem" revealed Parity Tech was warned over Ethereum bug that froze £212 million of cryptocurrency
Richard Moulds takes a look behind recent crypto vulnerability headlines - the ability to calculate the private key of an RSA keypair purely by knowing the public key - and asks if they are a prelude to a 'cryptoapocalypse'.
Cisco has patched a critical flaw in its Voice-OS which could allow an unauthenticated, remote hacker to gain elevated access to 12 types of its products.
Adobe's November Patch Tuesday included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.
Microsoft's November Patch Tuesday rollout included patches 53 flaws, 20 rated critical, spread across a variety of products, including Edge, Internet Explorer, Windows and Office.