vulnerability
Critical RubyGems vulns can lead to installation of malicious apps
A serious vulnerability in RubyGems, a package manager for the Ruby programming language, can be exploited to trick end users into installing malware from attacker-controlled …
New Drupal versions fix admin account hijack flaw
New versions of popular open source content management system Drupal are out, and fix a series of vulnerabilities, including a critical one that can result in an attacker …
Why LinkedIn chose to keep its bug bounty program private
Bug bounty programs have become de rigueur for tech and Internet companies that want to improve the security of their products by (partly) outsourcing bug discovery. But while …
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps
Six researchers from Indiana University Bloomington, Peking University and Georgia Tech have recently published a paper in which they detail the existence of critical security …
A call to researchers: Mix some creation with your destruction
Since I can first remember being interested in information security, my personal hacker heroes (and I’m using hacker positively here) were the researchers who discovered zero …
FIRST announces CVSS version 3
The Forum of Incident Response and Security Teams (FIRST) has announced the availability of version 3 of the Common Vulnerability Scoring System (CVSS). The new system is the …
Serious MitM flaw plugged in latest watchOS version
If you’ve recently bought an Apple Watch, or if you have had one for a while now, but you haven’t updated to the latest watchOS version, now is the time to do it …
Bug in iOS Mail app is a dream come true for phishers
A serious bug in the default Apple iOS Mail application can be easily exploited to show extremely realistic-looking pop-up prompts and trick users into sharing their Apple …
Mozilla increases rewards given out to bug hunters
Once again the Mozilla Foundation has upped the bounties it offers to researchers who find and responsibly disclose vulnerabilities in Firefox.“Those of us on the Bug …
Most vulnerabilities on enterprise networks are two years old
The NTT Innovation Institute and NTT Group security combined an analysis of over six billion attacks observed in 2014 with an interactive data review and ongoing daily global …
Weak SSH keys opened many GitHub repositories to compromise
Github repositories of many entities, projects, and even one government could have been compromised and used to deliver malicious code due to the owners’ use of easily …
Bug hunting without much tech knowledge or many tools
Bas Venis has been programming since he was 14 years old. After gaining some experience as a web developer, this 18-year-old self-taught security researcher got into IT …
Featured news
Sponsored
Don't miss
- Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
- LastPass users targeted by vishing attackers
- Protobom: Open-source software supply chain tool
- The key pillars of domain security
- Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)