Items tagged with vulnerability
The latest version of Firefox came out at the end of March and brought a lot to the table, although like most browser version jumps nowadays, spotting all of what's new can be difficult. At the forefront, Firefox 37 introduced a "heartbeat" user rating system, which helps you provide useful feedback to Mozilla, and...
Read more...
Threat researcher Zhi Xu is reporting a widespread vulnerability in Google's Android operating system that is capable of exposing up to 49.5% of users to spyware, via a two-front alliance formed between apps downloaded from Google Play and from legitimate third-party app stores such as Amazon and Samsung.
Given the...
Read more...
Whenever a software flaw is discovered and is then patched, it's not often that we'll ever hear about it again (the exceptions are those that do big damage). It's even more rare when we end up hearing about a "medium" bug again four years later. Such is the case of a vulnerability affecting Adobe Flash (don't act...
Read more...
It's always fun to see which security flaws get exploited at Pwn2Own, and this year's event has proven to be no exception. In fact, it could be considered to be one of the most exciting events to date, with JungHoon Lee exploiting three major browsers, and securing a record $110,000 payout for one of the...
Read more...
Until the web at large adopts the open HTML5
Read more...
Last January, some six or so months after Edward Snowden exposed much of the NSA's shady behavior to the world, a smartphone was announced that promised unparalleled levels of security. Called BlackPhone, we followed-up a month later to provide a price, $629, and some specs. Quad-core, 2GB of RAM, 16GB storage... all standard fare for a good
Read more...
At this point, I think it's safe to call the security level of Adobe's Flash player "asinine". Sometimes, it feels like full-blown OSes, such as Windows, have far fewer bugs. When is the last time you remember having to update your OS with an emergency patch? Now how about Adobe Flash? Exactly.
Well, since Adobe...
Read more...
It's as if Google is looking to start a digital war -- or at least get back at Microsoft for using its minor patents to battle Android. Earlier this month, we reported on a significant Windows bug that Google, through its Project Zero site, exposed to the world after Microsoft failed to patch it up within Google's...
Read more...
Dell's SecureWorks Counter Threat Unit (CTU) has just discovered a new piece of malware that it dubs "Skeleton Key". Besides being one of the coolest-named pieces of malware ever, Skeleton Key provides access to any user account on an Active Directory controller without regard to supplying the correct password.
As...
Read more...
Well, this isn't something we see everyday. With Project Zero, Google monitors the discovery of software vulnerabilities, and in the event that one is found, the vendor responsible for it will be contacted. As per Google's own ruling, if a bug is not patched in 90 days from the date it's disclosed, it'll become...
Read more...
A weakness has been identified that could exist in Android, Windows, and iOS devices that can be used to obtain personal information. Discovered by a team of researchers, the vulnerability revolves around multiple applications running on a shared infrastructure that can be exploited. According to their research, they...
Read more...
When the OpenSSL vulnerability Heartbleed broke cover in April, it felt like it was the only thing that mattered for an entire week. Like many news outlets, we reported on the bug from a number of different angles, and it was all for good reason: It's a severe bug, and one that the world needs to know about. Given all...
Read more...
In the world of software, it's not uncommon to learn of a program that's implemented vulnerable code for over a decade (Java, anyone?), but where gaming's concerned, that's another story. According to a security researcher simply going by "Joe", one such vulnerability has made Bethesda its home. Clearly the...
Read more...
This coming Tuesday, April 9, is going to be a busy one for Microsoft’s update servers. In advance of what have become known as “Patch Tuesday”, Microsoft posted nine early security bulletins to notify users and system administrators of the slew of impending Windows updates. Two of the patches have...
Read more...
A new research report on Valve's Steam has highlighted how the program can be used to launch malicious code attacks, thanks to flaws in how browser commands are passed between Steam and browsers like Chrome, IE, Opera, and Firefox. First, it's important to understand that Steam itself isn't the (S)ource of the...
Read more...
Today, Microsoft released its detailed security report covering the latter half of 2010. Industry tends in general are positive—vulnerability disclosures in 2010 fell 16.5 percent from their 2009 levels and approximately 35 percent from 2006. Microsoft's own share of the vulnerability pie rose from 4.5 percent...
Read more...
Energizer has discontinued the sale of its Duo Charger/USB Charger due to a vulnerability in the Windows-based software that was supposed to be downloaded to support it.The devices allowed users to charge nickel metal hydride batteries from either a wall socket or a USB connection. The documentation with the charger...
Read more...
Research In Motion, the maker of the popular BlackBerry line of handheld devices, has issued a security patch for the popular handhelds, warning they are vulnerable to attacks by hackers. According to security experts, if this latest patch is not applied, there is a risk hackers could exploit the vulnerability and take over a company’s server....
Read more...
