vulnerability
McAfee ePolicy Orchestrator exploitation tool
US-CERT’s latest advisory focuses on an exploit tool for McAfee ePolicy Orchestrator. The tool targets two vulnerabilities found in ePO versions 4.6.5 and earlier. In …
Bug bounties are cheaper than hiring full-time bug hunters
Software companies that have instituted bug bounties are on the right track, a recently published report by researchers of the University of California, Berkeley computer …
Bluebox releases free scanner for Android “master key” bug
Bluebox Security, the mobile security startup that’s “working to save the world from information thievery”, has made a name for itself by finding and …
Microsoft gives app developers 180 days to fix bugs
This month’s Patch Tuesday has been a prolific one, and patches for a total of 34 vulnerabilities – six of which critical – have been made available for …
POC code for critical Android bug published
Last week, researchers from Bluebox Security have made a disconcerting revelation: Google’s Android mobile OS carries a critical bug that allows attackers to modify the …
US Emergency Alerting System vulnerable to attack
IOActive has discovered vulnerabilities in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States. They uncovered the …
The magnitude of Android’s “master key” bug
The Android flaw whose existence was revealed last week by Bluebox Security is as bad as they come. “Blowing hash and signing functions so that the underlying code can …
Android bug allows app code change without breaking signatures
Researchers from Bluebox Security have discovered a critical Android flaw that allows attackers to modify the code of any app without breaking its cryptographic signature, and …
Darkleech Apache module injection campaign delivers malware
One of the most successful malware infection campaigns ever is still going strong, and researchers have not come closer to discovering how the attackers are compromising web …
Serious vulnerabilities in OpenX ad platform expose millions to risk
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) …
Facebook squashes critical account hijacking bug
A U.K.-based security researcher has shared details of a recently patched Facebook vulnerability that he discovered and for which he received $20,000 via the the social …
Data-slurping Facebook Graph Search flaw revealed
A mobile developer has discovered what he claims is a security vulnerability in the Facebook Graph Search that allowed him to automate the compilation of a list of some 2.5 …
Featured news
Sponsored
Don't miss
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
- Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
- Learning from CrowdStrike’s quality assurance failures
- BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements
- How CISOs enable ITDR approach through the principle of least privilege