vulnerability
Critical Bash bug opens Unix, Linux, OS X systems to attacks
The Bash “shellshock” flaw (CVE-2014-6271) was discovered last week by Unix/Linux specialist Stephane Chazelas, and its existence was made public on Wednesday. It …
Microsoft launches bug bounty program for Online Services
Microsoft has launched another bug bounty program, and this one will focus on its Online Services. Bug hunters are urged to submit vulnerabilities affecting the following …
Critical Android Browser bug threatens users’ privacy
Earlier this month, security researcher Rafay Baloch has released a proof-of-concept exploit that takes advantage of a vulnerability in an Android Browser’s security …
XSS bug allows Amazon account hijacking
A recurring XSS bug in Amazon’s Kindle Library, i.e. the “Manage your Kindle” web application, can be exploited by attackers looking to hijack users’ …
Google Apps scripts can be easily misused by scammers
Andrew Cantino, VP of Engineering at Mavenlink but also a bug hunter in his free time, has discovered that Google Apps Scripts can be misused by attackers to access …
DARPA is after vulnerabilities in algorithms implemented in software
The Defense Advanced Research Projects Agency (DARPA) is looking for new program analysis techniques and tools to enable analysts to identify vulnerabilities in algorithms …
Blackphone security issues and vulnerabilities unveiled
Blackphone, the carrier- and vendor-independent smartphone that was created with the goal of placing privacy and control directly in the hands of its users, is not without its …
Researchers compile list of Android apps that allow MitM attacks
Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections, and thus open users to …
Coursera privacy issues exposed
When well-known lawyer and Stanford law lecturer Jonathan Mayer was invited to teach a course on government surveillance on Coursera, the popular online website offering free …
Lessons learned from running 95 bug bounty programs
Large companies such as Google and Facebook have dedicated teams that review bug submissions, verify valid bugs and reward security researchers, but that can be time and …
A closer look at Acunetix Web Vulnerability Scanner
Acunetix Web Vulnerability Scanner automatically checks your web applications for SQL Injection, XSS and other web vulnerabilities. Features: AcuSensor Technology SQL …
70% of finance apps vulnerable to input validation attacks
A growing number of data breaches and security incidents can be directly linked to poor code quality, according to CAST. The data reveals finance and retail industry …
Featured news
Resources
Don't miss
- CISA: Use Signal or other secure communications app
- Another NetWalker affiliate sentenced to 20 years in prison
- Why cybersecurity is critical to energy modernization
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024
- CISA orders federal agencies to secure their Microsoft cloud environments