vulnerability
Vendors patch security vulnerabilities within 3 weeks
High-Tech Bridge Security Research Lab released its statistics on web application security for the first half of 2013. The statistics are based on HTB Security Advisories that …
McAfee ePolicy Orchestrator exploitation tool
US-CERT’s latest advisory focuses on an exploit tool for McAfee ePolicy Orchestrator. The tool targets two vulnerabilities found in ePO versions 4.6.5 and earlier. In …
Bug bounties are cheaper than hiring full-time bug hunters
Software companies that have instituted bug bounties are on the right track, a recently published report by researchers of the University of California, Berkeley computer …
Bluebox releases free scanner for Android “master key” bug
Bluebox Security, the mobile security startup that’s “working to save the world from information thievery”, has made a name for itself by finding and …
Microsoft gives app developers 180 days to fix bugs
This month’s Patch Tuesday has been a prolific one, and patches for a total of 34 vulnerabilities – six of which are critical – have been made available for …
POC code for critical Android bug published
Last week, researchers from Bluebox Security made a disconcerting revelation: Google’s Android mobile OS carries a critical bug that allows attackers to modify the …
US Emergency Alerting System vulnerable to attack
IOActive has discovered vulnerabilities in the Emergency Alerting System (EAS) which is widely used by TV and radio stations across the United States. They uncovered the …
The magnitude of Android’s “master key” bug
The Android flaw whose existence was revealed last week by Bluebox Security is as bad as they come. “Blowing hash and signing functions so that the underlying code can …
Android bug allows app code change without breaking signatures
Researchers from Bluebox Security have discovered a critical Android flaw that allows attackers to modify the code of any app without breaking its cryptographic signature, and …
Darkleech Apache module injection campaign delivers malware
One of the most successful malware infection campaigns ever is still going strong, and researchers have not come closer to discovering how the attackers are compromising web …
Serious vulnerabilities in OpenX ad platform expose millions to risk
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to execute arbitrary PHP code, perform Cross-Site Scripting (XSS) …
Facebook squashes critical account hijacking bug
A U.K.-based security researcher has shared details of a recently patched Facebook vulnerability that he discovered and for which he received $20,000 via the social …