Licence management systems used in industrial control systems are plagued with vulnerabilities: they contain 14 flaws that could enable hackers to take control of systems and carry out DoS attacks.
Certificate authority Let's Encrypt has disabled TLS-SNI-01 validation on its service. Through the vulnerability, a hacker could have requested certificates for domains that were not theirs.
A vulnerability in Symantec endpoint clients remains unpatched months after disclosure, according to security researchers.
Online retailer AliExpress fixed an open redirect vulnerability in its online shopping portal last October that could have been exploited to display a fake coupon designed to phish sensitive information from those who viewed it.
The US Defence Department's vulnerability disclosure programme (VDP) has yielded 2,837 security flaws in the nearly one year since its inception.
Joomla researchers patched a vulnerability that could have let hackers steal passwords, including administrator credentials, but which has flown under the radar for eight years.
Microsoft has patched a memory corruption vulnerability and an information disclosure vulnerability in Microsoft Office Outlook.
Hikvision, a world leader in the production of CCTV surveillance cameras, has been pulled up short by US-CERT, which is warning that some models are vulnerable to two authentication bugs.
An analysis of over one billion lines of code finds the UK ranks last for the security of its code and finds that teams of 10 do better than teams of 20 or more.
The African continent has seen an upsurge in cyber-attacks, particularly on telecommunications infrastructure and especially via DDoS, leading Kenya to set up a new Cyber Coordination Centre.
"Where bits and bytes meet flesh and blood" was the main area of concern for industry panelists, ranging from critical infrastructure, where strict controls may be imposed, to consumer IoT goods, where they can't.
The number of vulnerabilities in the US federal government arsenal hovers in the dozens, Columbia University senior research scholar Jason Healey told a DEF CON 24 audience.
The latest In Case You Missed It (ICYMI) looks at: CEO whaling victim; Unpatched zero-day; Passwords dropped; Self-propagating ransomware; USB charging hack.
The latest In Case You Missed It (ICYMI) looks at: Malware targeting malware; Was airport attacked?; Ransomware, malvertising & phishing; QuickTime unfixed; Short URLs a risk.
Google has fixed this latest flaw with Android but Trend Micro warns that fragmentation in the Android ecosystem means hackers can still exploit it.
The latest In Case You Missed It (ICYMI) looks at: Investigatory Powers Bill; TalkTalk woes continue; eBay exploit unfixed; EU-US Privacy Shield agreed; Malwarebytes apologises for flaw.
Users urged to apply patch to Android vulnerability as soon as possible.
Security firm goes full disclosure on mechanics of SSH issue and finds three more vulnerabilities.
Juniper Networks' own ScreenOS software harboured unauthorised code, raising questions of possible use by the NSA.
Most corporate attacks apparently happen on a Friday, but just imagine how much of a threat is posed to retailers this coming weekend which is topped and tailed by Black Friday and Cyber Monday?
Microsoft customer Nick Ioannou "incredulous at company's failure to fix Safe Links flaw which leaves security holes in supposedly cleansed email"
All ten smartwatches tested by HP Fortify reported significant security vulnerabilities, along with their Android and iOS cloud and mobile application components, according to a new report.
A security researcher has criticised Apple for failing to address a root-level vulnerability.
A DRAM hardware 'reliability issue' turns out to be a vulnerability issue for half of all laptops as Google researchers demonstrate Rowhammer hijack.
As the internet of things rolls out into every aspect of our lives, new security issues will arise, and regulators need to ensure minimum standards apply, says Geoff Webb.
Microsoft has unexpectedly withdrawn a key element of its Patch Tuesday operating system refresh after discovering a flaw in an update for Windows 7 and Windows Server 2008.
The ability of attackers to exploit XSS flaws is more an economic issue than a technical one, says Ilia Kolochenko, who calls for prompt professional action when vulnerabilities are identified.