vulnerability
The weak links in an increasingly dynamic threat landscape
The Cisco 2014 Midyear Security Report, released today at Black Hat, examines the “weak links” in organizations – outdated software, bad code, abandoned …
0-days found in Symantec Endpoint Protection
While testing of the systems and networks of a financial services company, a team of penetration testers from Offensive Security have unearthed a number of vulnerabilities, …
97% of Global 2000 remain vulnerable to due to Heartbleed
97 percent of Global 2000 organizations’ public-facing servers remain vulnerable to cyber attacks due to incomplete Heartbleed remediation, according to Venafi. This …
Researchers successfully attack Android through device’s speaker
A group of researchers from the Chinese University of Hong Kong have demonstrated that even applications with zero permissions can be used to launch attacks that allow …
AV engines are riddled with exploitable bugs
A security researcher has found a great number of exploitable vulnerabilities in popular security solutions and the AV engines they use, proving not only that AV engines are …
40% of orgs running VMware still susceptible to Heartbleed
More than three months have passed since the discovery of the OpenSSL Heartbleed bug, and many systems are still vulnerable. According to data collected by data analytics …
Internet Explorer vulnerabilities increase 100%
Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more …
Intentional backdoors in iOS devices uncovered
A researcher has revealed that Apple has equipped its mobile iOS with several undocumented features that can be used by attackers and law enforcement to access the sensitive …
Unpatched OpenSSL holes found on Siemens ICSs
A number of Siemens industrial products have been found sporting four vulnerabilities in their OpenSSL implementation, which could lead to man-in-the-middle (MitM) attacks or …
vBulletin releases patches for critical SQL injection flaw
The vBulletin team has issued emergency patches for the critical SQL injection vulnerability responsibly reported by the Romanian Security Team. The flaw affects vBulletin …
Active Directory flaw impacts 95% of Fortune 1000 companies
Aorato identified a new threatening flaw within Active Directory that enables attackers to change a victim’s password, despite current security and identity theft …
Critical vulnerabilities in web-based password managers found
A group of researchers from University of California, Berkeley, have analyzed five popular web-based password managers and have discovered – and then responsibly …
Featured news
Resources
Don't miss
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
- Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
- How CISOs can elevate cybersecurity in boardroom discussions
- A humble proposal: The InfoSec CIA triad should be expanded