vulnerability
Microsoft patches two more 0-days actively used by attackers
With this month’s Patch Tuesday, Microsoft has provided patches for several critical vulnerabilities that allow remote code execution, some of which have been or are …
4 million UPnP devices may be vulnerable to attack
Akamai has observed the use of a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and …
POODLE vulnerability: The end of life of SSL 3.0
There is a critical security vulnerability in SSL 3.0 which allows attackers to calculate the plaintext of encrypted connections, and it will likely spell the end of the use …
Russian espionage group used Windows 0-day to target NATO, EU
In today’s Patch Tuesday, Microsoft will be releasing a wide variety of patches, and among them will be one for a zero-day vulnerability that has been used in a …
Personal info of 850k Oregon jobseekers potentially compromised
851,322 individuals who used Oregon Employment Department’s WorkSource Oregon Management Information System (WOMIS) will soon be receiving notices that they information …
Dropbox bug left some users without their stored files
Popular file cloud hosting service Dropbox has been sending out emails to a “small number” of its customers, explaining that some of their files have been …
WordPress most targeted CMS by hackers?
Imperva released the results of its Web Application Attack Report (WAAR), the result of analysis of a subset of 99 applications protected by Imperva’s WAF over a period …
How Shellshock can be exploited over DHCP
Attacks exploiting the Shellshock vulnerability (actually, vulnerabilities) are popping up daily, but while Shellshock attacks on web apps have been the most documented and …
Bugzilla bug that could reveal other software flaws has been patched
A critical security vulnerability in the popular online bug-tracking-and-testing tool Bugzilla has been patched, and users are advised to update to new releases as soon as …
Yahoo says its servers weren’t Shellshocked
After researcher Jonathan Hall’s claims that a group of hackers has been exploiting the Bash Shellshock vulnerability to compromise a number of servers belonging to …
Android browser SOP bypass bug: Who’s affected, and what to do?
A security researcher has recently discovered not just one but two vulnerabilities in the Android Open Source Project (AOSP) browser that could allow attackers to bypass the …
Hackers exploit Shellshock bug, compromise Yahoo, WinZip servers
A group of hackers has successfully leveraged the recently discovered Bash Shellshock vulnerability to compromise a number of servers belonging to Yahoo, Lycos and Winzip, and …