Application security, Security
January 2, 2018
Via: Naked Security
Mozilla published an unexpected security patch this week, bumping Firefox up to version 57.0.3. (You probably weren’t expecting a browser update between Christmas and New Year, but it’s good to know that security fixes don’t take second place in holiday season.) […]
December 27, 2017
Via: Threat Post
Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low. Mozilla said Thunderbird, […]
November 29, 2017
Via: Threat Post
A major bug in Apple’s macOS gives anyone with physical access to a computer running the latest version of the High Sierra operating system admin access simply by putting “root” in the user name field. The bug was publicized Tuesday […]
November 29, 2017
Via: Dark Reading
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program. Samsung Electronics is giving its newly minted two-month-old bug bounty program a boost by bringing in Bugcrowd to handle the payment processing, the companies announced […]
November 22, 2017
Via: Threat Post
Intel released patches on Monday to protect millions of PCs and servers from vulnerabilities found in its Management Engine, Trusted Execution Engine and Server Platform Services that could allow local attackers to elevate privileges, run arbitrary code, crash systems and eavesdrop […]
Cloud security, Vulnerabilities
November 2, 2017
Via: Threat Post
A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to takeover. WordPress released WordPress 4.8.3 Tuesday, which mitigates the vulnerability. “This is […]
October 18, 2017
Via: Threat Post
Oracle patched 250 vulnerabilities across hundreds of different products as part of its quarterly Critical Patch Update released today. Rounding out the list of products with the most patches is Oracle Fusion Middleware with 38, Oracle Hospitality Applications with 37 […]
August 31, 2017
Via: Threat Post
Administrators who have Siemens’ LOGO! logic module deployed in automation setups are being urged to update its firmware. The German industrial manufacturing giant pushed out an update for its LOGO! 8 BM devices Wednesday morning to fix a vulnerability (CVE-2017-12734) […]
February 28, 2017
Via: The Hacker News
Cloudflare reported last night a bug in their service which could have leaked information from the services using their edge cache servers. Feedly uses Cloudflare as a security shield which increases the reliability and performance of the Feedly web application. As […]
December 6, 2016
Via: CSO Online
If you’ve encountered errors over the past month when trying to access HTTPS-enabled websites on your computer or Android phone, it might have been due to a bug in Chrome. The bug affected the validation for some SSL certificates issued […]
Access control, Mobile security
November 14, 2016
Via: Naked Security
Eight years ago, security researcher Collin Mulliner found and reported an intriguing bug to Apple. Even though the bug was in Safari on iOS, the vulnerability involved unwanted telephone calls, thanks to a special sort of web link using URLs […]
Application security, Mobile security
August 2, 2016
Via: Help Net Security
A bug in the Intel Crosswalk Project library for cross-platform mobile development can open users to man-in-the-middle attacks, researchers from Nightwatch Cybersecurity have found. “The Crosswalk Project, created by Intel’s Open Source Technology Center, allows mobile developers to use HTML, […]
March 11, 2016
Via: Help Net Security
A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or […]
February 23, 2016
Via: InfoSecurity Live
Twitter has addressed a privacy bug that exposed email addresses and phone numbers associated with roughly 10,000 user accounts. According to the social media company, the flaw affected its password recovery system for approximately 24 hours last week. Users whose […]
February 19, 2016
Via: CSO Online
Twitter has notified 10,000 users that their email addresses and phone numbers may have been exposed due to a bug in the website’s password recovery feature. The incident happened over the course of 24 hours on an unspecified day last […]
February 17, 2016
Via: CSO Online
A buffer-overflow vulnerability uncovered Tuesday in the GNU C Library poses a serious threat to countless Linux users. Dating back to the release of glibc 2.9 in 2008, CVE-2015-7547 is a stack-based buffer overflow bug in the glibc DNS client-side […]
January 29, 2016
Via: CIO
LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data. The application, called Smart Notice, is a kind of multi-functional widget, […]
November 11, 2015
Via: Dark Reading
Prototype aims to prevent exploits that employ ‘use after free’ bugs in Windows, Linux, OS X software. Another day, another Adobe Flash vulnerability: but this time, the researchers who found the bug are also building an attack-mitigation method that would […]
October 1, 2015
Via: mobile-security
More than a billion mobile devices are affected by a set of two new critical vulnerabilities in Android’s Stagefright code that can be exploited by an attacker to take complete control of a device, and as of Thursday patches are […]
September 28, 2015
Via: network-security
Hot on the heels of Firefox 41 – which saw the end of a 14-year-old bug that sucked up memory for Adblock Plus users – Mozilla announced a new beta of the popular web browser. Firefox 42 beta for Windows, […]