vulnerability
Instapaper for Android vulnerable to man-in-the-middle attacks
Bitdefender researchers have discovered that Android app Instapaper is vulnerable to man-in-the-middle attacks that could expose users’ signup/login credentials when logging …
Who fixes the most vulnerabilities?
Web and mobile applications produced or used by government organizations are more likely than those in other industries to fail standard security policies like the OWASP Top …
Critical RubyGems vulns can lead to installation of malicious apps
A serious vulnerability in RubyGems, a package manager for the Ruby programming language, can be exploited to trick end users into installing malware from attacker-controlled …
New Drupal versions fix admin account hijack flaw
New versions of popular open source content management system Drupal are out, and fix a series of vulnerabilities, including a critical one that can result in an attacker …
Why LinkedIn chose to keep its bug bounty program private
Bug bounty programs have become de rigueur for tech and Internet companies that want to improve the security of their products by (partly) outsourcing bug discovery. But while …
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps
Six researchers from Indiana University Bloomington, Peking University and Georgia Tech have recently published a paper in which they detail the existence of critical security …
A call to researchers: Mix some creation with your destruction
Since I can first remember being interested in information security, my personal hacker heroes (and I’m using hacker positively here) were the researchers who discovered zero …
FIRST announces CVSS version 3
The Forum of Incident Response and Security Teams (FIRST) has announced the availability of version 3 of the Common Vulnerability Scoring System (CVSS). The new system is the …
Serious MitM flaw plugged in latest watchOS version
If you’ve recently bought an Apple Watch, or if you have had one for a while now, but you haven’t updated to the latest watchOS version, now is the time to do it …
Bug in iOS Mail app is a dream come true for phishers
A serious bug in the default Apple iOS Mail application can be easily exploited to show extremely realistic-looking pop-up prompts and trick users into sharing their Apple …
Mozilla increases rewards given out to bug hunters
Once again the Mozilla Foundation has upped the bounties it offers to researchers who find and responsibly disclose vulnerabilities in Firefox. “Those of us on the Bug …
Most vulnerabilities on enterprise networks are two years old
The NTT Innovation Institute and NTT Group security combined an analysis of over six billion attacks observed in 2014 with an interactive data review and ongoing daily global …