vulnerability
Mozilla increases rewards given out to bug hunters
Once again the Mozilla Foundation has upped the bounties it offers to researchers who find and responsibly disclose vulnerabilities in Firefox.“Those of us on the Bug …
Most vulnerabilities on enterprise networks are two years old
The NTT Innovation Institute and NTT Group security combined an analysis of over six billion attacks observed in 2014 with an interactive data review and ongoing daily global …
Weak SSH keys opened many GitHub repositories to compromise
Github repositories of many entities, projects, and even one government could have been compromised and used to deliver malicious code due to the owners’ use of easily …
Bug hunting without much tech knowledge or many tools
Bas Venis has been programming since he was 14 years old. After gaining some experience as a web developer, this 18-year-old self-taught security researcher got into IT …
Akamai and Trustwave unite to protect businesses from online threats
Akamai Technologies, provider of content delivery network services, and managed security services firm Trustwave announced at Infosecurity Europe 2015 a new strategic alliance …
Google patches Android Chrome address bar spoofing bug
The existence of another address bar spoofing bug has been revealed, and this one affects the Android Chrome browser.“Due to a problem in handling 204 “No …
Newly disclosed Logjam bug might be how the NSA broke VPNs
Another vulnerability courtesy of 1990s-era US export restrictions on cryptography has been discovered, and researchers believe it might be how the NSA managed to regularly …
Bug in NetUSB code opens networking devices to remote code execution
Researchers from SEC Consult have published details of a critical kernel stack buffer overflow vulnerability in NetUSB, a software component that provides “USB over …
Address spoofing Safari bug opens door for phishing attacks
Hacker David Leo has released a PoC exploit for a Safari vulnerability that can be misused to trick users into thinking they are on one site while they are actually on another …
Security firm publishes details, exploit code for Google App Engine flaws
Polish firm Security Explorations has published technical details and PoC code for several security issues identified in Google App Engine (GAE) for Java.The company has found …
United Airlines offers air miles for vulnerability information
United Airlines has become the first airline to start a bug bounty program and instead of monetary rewards, it offers air miles: a million for remote code execution bugs, …
Flawed crypto endangers millions of smart grid devices
The cryptography used in the Open Smart Grid Protocol (OSGP), one of the most widely used smart meter and smart grid device networking standards, can be easily cracked, …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?