vulnerability
Virgin Mobile USA user accounts vulnerable to brute-force attack
Millions of subscribers of Virgin Mobile USA are in danger of having their accounts hijacked and misused because the carrier’s authentication method is easy to break …
Microsoft issues workaround for IE 0-day exploited in current attacks
Microsoft has issued a security advisory with advice on how to patch an Internet Explorer zero-day vulnerability recently spotted being exploited in the wild by attackers that …
Chip and PIN payment card system vulnerable to “pre-play” attacks
The chip and PIN system employed by most European and Asian banks is definitely more secure than the magnetic strip one, but it doesn’t mean that it doesn’t have …
Etsy starts its own bug bounty program
Etsy, the popular online marketplace for handcrafted and vintage goods, has announced its own bug bounty program, which will reward researchers with money and goods for …
Oracle confirms existence of another critical Java flaw
When Oracle finally patched the CVE-2012-4681 Java 0-day that was being actively exploited in the wild, Polish firm Security Explorations immediately piped up to say they …
Oracle patches Java 0-day, researchers say there’s another one
Oracle has finally issued an update for Java 7 (v 1.7.0_07) which solves the problem of the CVE-2012-4681 vulnerability (which actually consists of two distinct flaws). The …
Java 0-day exploit added to Blackhole kit, still no news about patch
The recently discovered Java zero-day flaw that has been spotted being used in limited targeted attacks in the wild has created quite a stir. A module that exploits the …
Google announces $2 million in prizes for Pwnium 2
Following the announcement that it will be upping the monetary rewards given to security researchers that responsibly disclose Chromium vulnerabilities, Google has announced …
Google ups prizes in Chromium bug bounty program
Since a vulnerability rewards program for open source web browser project Chromium was instituted in early 2010, many vulnerabilities have been found and dealt with, and …
Critical vulnerabilities in popular DDoS toolkit exposed
Prolexic Technologies exposed weaknesses in the command and control (C&C) architecture of the Dirt Jumper DDoS Toolkit family that could neutralize would-be attackers. …
Vulnerability disclosure framework for industrial control systems
The Industrial Control Systems Joint Working Group (ICSJWG) published “The Industrial Control Systems Common Vulnerability Disclosure Framework”, which is a …
Is Ubisoft’s DRM browser plugin a rootkit?
An offhand remark made by Google engineer Tavis Ormandy to a post on the Full Disclosure mailing list has sparked anger in the hearts of Ubisoft users, as he shared his …