vulnerability
Unpatched SQLi vulnerability in SmartVista e-commerce suite
Companies using SmartVista, the popular e-commerce/payment management product suite developed by Swiss company BPC Banking Technologies, are urged to put limit access to its …
Bugs in Windows DNS client open millions of users to attack
In this month’s Patch Tuesday, Microsoft has included fixes for multiple critical memory corruption vulnerabilities in the Windows DNS client, which could be exploited …
Patching discrepancy between supported Windows versions puts users at risk
Security improvements should be a welcome addition to all software, but if they are not also simultaneously backported into its older and still supported versions, they can …
PoC for several Magento vulnerabilities released, update now!
DefenseCode has published proof of concept code for two CSRF and stored XSS vulnerabilities affecting a number of versions of the popular e-commerce platform Magento. Magento …
Widely used DNS forwarder and DHCP server Dnsmasq riddled with flaws
Google researchers have discovered seven serious vulnerabilities in Dnsmasq, a lightweight, widely used DNS forwarder and DHCP server for small computer networks. Dnsmasq is …
Is your Mac software secure but firmware vulnerable?
Mac users who have updated to the latest OS version or have downloaded and implemented the most recent security update may not be as secure as they originally thought, Duo …
Spoofed IRS notice delivers RAT through link updating trick
The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails …
Optionsbleed bug makes Apache HTTP Server leak data from memory
On Monday, security researcher Hanno Böck detailed a memory-leaking vulnerability in Apache HTTP Server that’s similar to the infamous OpenSSL Heartbleed bug uncovered …
Equifax breach happened because of a missed patch
The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability – CVE-2017-5638 …
Patch Tuesday: 80+ vulnerabilities fixed, one exploited in the wild
As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework. The September …
Billions of Bluetooth-enabled devices vulnerable to new airborne attacks
Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute …
Equifax attackers got in through an Apache Struts flaw?
Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to …
Featured news
Sponsored
Don't miss
- Prompt Fuzzer: Open-source tool for strengthening GenAI apps
- How insider threats can cause serious security breaches
- Most people still rely on memory or pen and paper for password management
- What AI can tell organizations about their M&A risk
- Breaking down the numbers: Cybersecurity funding activity recap