security update
VMware plugs critical information-leaking hole
VMware has plugged a critical security issue in the VMware Client Integration Plugin, which could allow for a Man in the Middle attack or web session hijacking in case the …
Cisco UCS servers can be hijacked with malicious HTTP request
A data center server platform running Cisco’s Unified Computing System (UCS) Central Software can be compromised by unauthenticated, remote attackers with a single, …
Microsoft patches Badlock, but doesn’t call it critical
Microsoft just released several security bulletins, with six marked as critical and seven categorized as important. The biggest surprise (or disguise) came in the patch marked …
Bug in OS X Messages client exposes messages, attachments
When in March Apple pushed out security updates for its many products, much attention has been given to a zero-day bug discovered by a team of Johns Hopkins University …
Update your ManageEngine Password Manager Pro ASAP!
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for …
OS X zero day bug allows hackers to bypass system integrity protection
An OS X zero day vulnerability could allow attackers to bypass System Integrity Protection, Apple’s newest protection feature, and to escalate their privileges, simplifying …
Apple updates its products, fixes iMessages zero-day
On Monday Apple has pushed out updates for its many products: iOS, OS X, OS X Server, Safari, watchOS, tvOS, and Xcode. Of these, the most eagerly awaited was that for iOS, as …
How a digital pathology solution secures patient data
Dutch tech company Philips recently announced that its digital pathology solutions have been certified for compliance with the U.S. Department of Defense (DoD) security …
Google plugs 19 holes in newest Android security update
In the March 2016 security update for the Android Open Source Project (AOSP), Google has fixed 19 security issues, seven of which are considered to be critical. Among these, …
Cisco removes weak default static credentials from its switches
Cisco has released on Wednesday a bucketload of software updates for a wide variety of its products, fixing vulnerabilities of different types and severity. But one is deemed …
Weak default credentials, command injection bug found in building operation software
A vulnerability in servers programmed with Schneider Electric’s StruxureWare Building Operation software can be exploited by a low-skilled, remote attacker to gain access to …
Fighting malware monetization and application vulnerabilities
As the traditional network perimeter disappears and attack surfaces grow, security professionals are challenged with protecting users, applications and data – without …
Featured news
Resources
Don't miss
- The soft underbelly of space isn’t in orbit, it’s on the ground
- Privacy risks sit inside the ads that fill your social media feed
- Should AI access be treated as a civil right across generations?
- What cybersecurity leaders are reading to stay ahead
- Cisco email security appliances rooted and backdoored via still unpatched zero-day