vulnerability
Facebook API bug deletes contact info on users’ phones
If you thought that Facebook’s recent unannounced change of its users’ email address tied with their account to Facebook ones was bad, you’ll be livid if you …
Blackhole exploit kit got upgraded
Phoenix and Blackhole are the most popular and widely used exploit kits because their creators are always tinkering with them and pushing out update and improved attack …
Radical reduction in online vulnerabilities
WhiteHat Security reviewed serious vulnerabilities in websites during 2011, examining the severity and duration of the most critical vulnerabilities from 7,000 websites across …
PayPal sets up bug bounty program
Joining the likes of Google, Facebook, Mozilla and others, PayPal has announced that it will be offering money for information about security bugs that affect their site …
Smart TVs are vulnerable to attacks
Home entertainment has expanded beyond the traditional television. Modern TV sets are very similar to a desktop computer: they have a processor, memory, a hard disk and some …
Compromised website serving “state-sponsored” 0-day exploit
The still unpatched Microsoft XML Core Services vulnerability (CVE-2012-1889) that allows attackers to gain the same user rights as the logged on user and execute malicious …
Unpatched Microsoft flaw actively exploited in the wild
When Microsoft released a security advisory detailing a critical flaw in Microsoft XML Core Services and its corresponding “Fix it” mitigation solution last week, …
Vulnerabilities in open source WAF ModSecurity
During our research of web application firewall evasion issues, we uncovered a flaw in ModSecurity that may lead to complete bypass of the installed rules, in the cases when …
US-CERT warns of Intel CPU flaw
A flaw in Intel chips leaves users of a number or x64-based operating systems vulnerable to system hijacking, the US Computer Emergency Readiness Team warns. “Some …
MySQL flaw allows attackers to easily connect to server
A simple but serious MySQL and MariaDB authentication bypass flaw has been revealed by MariaDB security coordinator Sergei Golubchik, and exploits targeting it have already …
Researchers bypass Google’s Android Bouncer
First introduced to the public in February this year, Google’s Bouncer was welcomed as a great addition that aimed to make Google Play more secure for Android users. …
UGNazi attack 4chan, CloudFlare
Visitors to 4chan have recently been automatically redirected to the Twitter account of hacker group UGNazi, and an investigation into the matter revealed that the attack has …