Positive Technologies has elaborated on a critical remote code execution vulnerability its researchers discovered in the web interface of the Cisco Systems Access Control Server (ACS).
Hackers filed more than 100 security vulnerability reports during the 29-day Hack the DTS (Defence Travel System) bug bounty initiative and amassed nearly US$ 80,000 (£60,183) for their efforts.
A glitch in T-Mobile's website allowed anyone to look up customer details including full names, postal addresses, billing account numbers, and in some cases information about tax identification numbers.
Schneider Electric patched a vulnerability (CVE-2018-7783) in its SoMachine Basic that could result in the disclosure or retrieval of data during an out-of-band attack.
Even though thousands of smart devices are being regularly connected to enterprise networks, many organisations do not have security policies for connected devices, or their employees do not follow existing policies by the book.
OEMs don't have the luxury of passing off failures like Meltdown and Spectre to customers, as they impact reputation and revenues. However, there are steps organisations can take to help protect both their business and customers.
A privilege escalation vulnerability patched last week in Microsoft Windows and an Adobe Reader remote code execution bug fixed in a product update were both jointly targeted by a PDF-based zero-day exploit.
Vulnerability management strategies based on responding to published - and patched - CVE vulnerabilities are fatally flawed, according to a new in-depth report.
A security vulnerability has been discovered in a software framework used by web apps that could enable hackers to execute remote code. The problem could affect many web apps that use the framework.
LG on Monday released a security update fixing a high-severity remote code execution vulnerability found in the default keyboards of all its mainstream smartphone models.
A patch released Tuesday by Adobe fixes a critical confusion vulnerability, CVE-2018-4944, found in all Flash Player versions up to 18.104.22.168.
After a vulnerability in Apache Struts led to serious breaches at Equifax and laid the credit reporting agency low last autumn, organisations should have scrambled to bolster security.
Microsoft has released two updates as part of the company's on-going effort to secure devices running Intel processors from the Spectre vulnerability.
Even after warnings, NHS trusts did little to update or replace legacy software, and the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks, says the National Audit Office.
More than 80 UK manufacturing plants have faced cyber-incidents, yet many use old systems and lack the visibility, tools or manpower to carry out cyber-risk assessments. Are manufacturers fighting a losing battle?
A month from now, the UK will welcome GDPR, which will give the ICO more powers to defend consumer interests and issue fines of up to £17 million or four percent of global turnover on organisations in the event of data breaches.
A Cisco security advisory is warning users of a vulnerability in the firm's WebEx Meetings and WebEx Meetings Server that could allow a remote attacker to execute arbitrary code on their system.
AMD releases processor security updates for vulnerabilities concerning the Spectre Variant 2 vulnerability for Microsoft Windows users.
Microsoft Corporation on Tuesday announced an emergency patch for a memory corruption vulnerability in its Microsoft Malware Protection Engine (MMPE) that remote attackers can exploit to execute arbitrary code.
Cyber-security researchers from four major universities have disclosed a new processor-based vulnerability called BranchScope that is similar to Spectre/Meltdown but is immune to the fixes put in place that patch those vulnerabilities.
A newly discovered "kill switch" effectively counters the memcached vulnerability that led recently to massive DDoS attacks at specific targets including national security agencies, reports Corero Network Security.
Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a DoS condition.
Threat actors exploited the CVE-2017-10271 vulnerability, which allows for remote code execution, to deliver both a 64-bit variant and a 32-bit variant of an XMRig Monero miner, according to a 26 February blog post.
Cisco Talos has made public a new vulnerability in Adobe Reader DC that, if exploited, can lead to arbitrary code execution.
A malicious campaign that's been exploiting a vulnerability in Oracle's WebLogic application servers in order to install a Monero cryptominer on victims' machines spreads the threat worldwide, across virtually all industry sectors.
Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system-level privileges on a vulnerable computer.
Attackers were found exploiting a zero-day Telegram app vulnerability in order to make the names and extensions of malicious files appear more legitimate, in hopes that users who received these files would more willingly open them.
Cyber-criminals are using a malware spam campaign to exploit a remote code execution vulnerability in Microsoft Office to download and execute malicious scripts on victims' systems.
Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.
Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vectors and learning that its previous repair job was insufficient.