vulnerability
How does the Heartbleed bug affect me?
By now, you have surely heard about the “Heartbleed” bug discovered in Open SSL, and you’re wondering how its existence affects you. The situation is, …
Heartbleed OpenSSL vulnerability: A technical remediation
OpenSSL released an bug advisory about a 64kb memory leak patch in their library. The bug has been assigned CVE-2014-0160 TLS heartbeat read overrun. According to OpenSSL, the …
OpenSSL “Heartbleed” bug undermines widely used encryption scheme
OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating system and apps, …
Record year for Facebook bug hunters
With nearly 15,000 submissions – 687 of which were valid and eligible for awards – 2013 has been a record year for Facebook’s bug bounty program. Add to this …
Details for 30 Oracle Java Cloud Service flaws revealed
Polish security start-up Security Explorations has publicly released technical details and Proof-of-Concept code for 30 security vulnerabilities they found in Oracle Java …
European Cybercrime Centre warns about Windows XP security risks
The European Cybercrime Centre (EC3) at Europol warns about security risks related to the end of Windows XP support. After 8 April 2014, Windows will stop supporting its …
Android bug can push devices into an endless reboot loop
A Proof-of-Concept app exploiting a recently discovered Android vulnerability that triggers the continuous rebooting of an affected device was apparently also behind the …
0-day Microsoft Word flaw exploited in targeted attacks
Microsoft has issued a security advisory warning of a remote code execution vulnerability that is being exploited in “limited, targeted attacks directed at Microsoft …
Flaws in Android update mechanism could turn apps into malware
A group of researchers from Indiana University and Microsoft Research have unearthed six Android vulnerabilities that can be exploited to turn apparently harmless apps into …
Full Disclosure mailing list closure elicits mixed reactions
The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its …
Gang wielding ColdFusion exploits expands botnet of hacked e-commerce sites
A German website of French automaker Citro?«n is the latest of the wide array of higher-profile webshop sites that have been compromised by a hacker gang leveraging Adobe …
Backdoor in Samsung Galaxy devices discovered
The developers of Replicant, a “fully free/libre version of Android”, have discovered a backdoor in a number of Samsung Galaxy devices that could allow attackers …