vulnerability
Microsoft releases seven bulletins
2012’s first Patch Tuesday has seven bulletins, including the postponed bulletin from December 2011 that addresses the BEAST style information disclosure. Talking about …
Is your online bank vulnerable to currency rounding attacks?
In the 12+ years of doing penetration tests against various critical environments, we’ve seen numerous online banking servers and found all sorts of vulnerabilities in …
Exploit code for recent ASP.NET DoS flaw made public
The ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not …
January 2012 Patch Tuesday preview
Microsoft is starting 2012 with a surprisingly large first release of seven security bulletins covering eight separate vulnerabilities. In contrast, in past years we usually …
MetricStream IT-GRC integrates with QualysGuard Vulnerability Management
MetricStream and Qualys announced the integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management (VM). The joint solution provides a single robust …
Microsoft releases MS11-100 for ASP.NET DoS attack
Today Microsoft released a security bulletin addressing a flaw in ASP.NET that was disclosed early morning yesterday at the Chaos Communication Congress (CCC) in Berlin. …
SCADA and PLC vulnerabilities in correctional facilities
Many prisons and jails use SCADA systems with PLCs to open and close doors. Using original and publicly available exploits along with evaluating vulnerabilities in electronic …
Microsoft provides protection for ASP.NET vulnerability
Microsoft published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web …
Ditching Java might be a good move
As unpatched Java vulnerabilities are frequently taken advantage by exploit kits and users often forget to update Java, F-Secure’s Mikko Hypponen says that maybe …
Researcher blasts Siemens for lying about SIMATIC bugs
The contentious issue of responsible and coordinated vulnerability disclosure has been revisited again as security researcher Billy Rios reacted to a statement made by Siemens …
Firefox 9 closes security holes
Mozilla released Firefox 9 that fixes several security and stability issues. Crash when plugin removes itself on Mac OS X FireBreath developer Richard Bateman reported a crash …
Windows Phone 7.5 bug disables messaging option
A bug in the recently released Windows Phone 7.5 mobile OS can be exploited to make people’s phones lose the ability to send messages by cutting access to the messaging …
Don't miss
- Account takeover detection: There’s no single tell
- Man vs. machine: Striking the perfect balance in threat intelligence
- Misconfig Mapper: Open-source tool to uncover security misconfigurations
- Why AI deployment requires a new level of governance
- Mastering the cybersecurity tightrope of protection, detection, and response