vulnerability
Another Android “master key” bug revealed
The existence of another “master key” bug that can be used to push malware onto Android users has been publicly disclosed by Jay Freeman (a.k.a Saurik), the …
New Microsoft 0-day vulnerability under attack
Microsoft has released security advisory KB2896666 informing of a vulnerability (CVE-2013-3906) in the TIFF graphics format that is seeing limited attacks in the Middle East …
Network IDS reduces “white noise” for more focus on critical vulns
RandomStorm has announced the latest release of its next generation network intrusion detection system (NIDS), StormProbe. StormProbe analyses all network traffic, using more …
RSA takes a big data approach to help with high-risk threats
RSA, The Security Division of EMC, at RSA Conference Europe 2013 unveiled RSA Vulnerability Risk Management (VRM), a new software solution designed to help organizations …
Bypassing security scanners by changing the system language
A substantial security oversight is present in a variety of penetration testing tools, and it has to do with the different languages that a computer system can be set up to …
The Internet of Things: Vulns, botnets and detection
Does the Internet of Things scare you? It probably should. This DerbyCon video discusses why embedded device security is laughably bad, handling vendor notification, and …
Digital ship pirates: Researchers crack vessel tracking system
In the maritime business, Automated Identification Systems (AIS) are a big deal. They supplement information received by the marine radar system, are used for a wide variety …
Solving the dilemma of vulnerability exploitation disclosure
The subject of software and hardware vulnerability disclosure has been debate time and time again, and most agree that, if possible, vulnerabilities should first be disclosed …
The many security problems of ATMs
As much as they are useful, ATMs are also very vulnerable to tampering and attacks from individuals looking for money. eWeek reports that at the SecTor security conference …
Video: Stop making excuses, it’s time to own your high impact vulnerabilities
Most systems are insecure, not because we don’t know about or understand the vulnerability but because we fail at planning and communicating the solution to address or …
WhatsApp encryption flaw revealed, POC code published
A Dutch researcher says that the encryption solution implemented by popular cross-platform IM service WhatsApp is flawed. He claims that the company has not thought it out as …
Dangerous vBulletin exploit in the wild
vBulletin is a popular proprietary CMS that was recently reported to be vulnerable to an unspecified attack vector. vBulletin is currently positioned 4th in the list of …