vulnerability
Fake iTunes e-mail leads to drive-by download
E-mails purportedly coming from iTunes and bearing “iTunes account may be suspended” in the subject line have been hitting inboxes in the last few days. …
Mozilla expands its bug bounty program
Back in 2004, the Mozilla Foundation instituted a bug bounty program that rewarded users who reported critical security vulnerabilities on the Foundation’s software with …
Microsoft patches record 40 vulnerabilities
Today Microsoft released 17 security bulletins which address 40 vulnerabilities affecting Microsoft Office, Windows, Internet Explorer, SharePoint Server and Exchange. This …
Multiple vulnerabilities in RealPlayer
Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user’s system, according to Secunia. Users should …
WordPress Comment Rating plugin CSRF vulnerability
A vulnerability has been reported in the Comment Rating plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks, …
CORE IMPACT Pro 11 now detects and exploits network router vulnerabilities
Core Security Technologies introduced the latest version of its automated penetration testing solution, CORE IMPACT Pro 11. CORE IMPACT Pro enables users to conduct real-world …
Security Factsheets: A new look at vulnerability data
Secunia today announced their Security Factsheets, designed for those who are interested in understanding the historical development of advisories and vulnerabilities in …
Most businesses vulnerable to cache poisoning attacks
While DNSSEC adoption percentages appear to have increased dramatically by 340 percent this year, the actual number of zones that have been signed is very small: .02 percent, …
McAfee’s Secure Short URL Service not so secure
When the people at McAfee decided to launch its own URL-shortening service (mcaf.ee), they touted it as “secure” – meaning, that it would guarantee that the …
Behavior of Safari on the iPhone could benefit scammers
A behavior of the Safari browser on the iPhone could be used by phishers and scammers to fool users into believing they have landed on a legitimate site, says Nitesh Dhanjani. …
Canon image originality verification proven useless
ElcomSoft discovered vulnerability in Canon’s Original Data Security System, a validation system to guarantee authenticity of digital images captured with supported …
Android browser flaw allows attackers to access user data
A vulnerability in the Android browser that could allow attackers to download files stored on the mobile device’s or tablet’s SD card has been discovered by …