Research from the University of Maryland proposes new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management.
Browsing Author: Michael Mimoso
The Home Depot data breach put 56 million payment cards at risk, the company said today, adding that the attackers used custom malware in the breach.
The deadline for a syntax change for CVE identifiers is coming on Jan. 13 when the four-digit format will support five or more. Vendors must update vulnerability management products to support the new syntax.
Researchers at Adallom analyzed a sample of the Dyre banking Trojan that was found to be targeting Salesforce.com credentials.
Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.
FreeBSD patched a vulnerability in the way the OS handles TCP packet processing that could lead to a denial-of-service attack on a server.
Google’s latest Transparency Report reveals government requests for data jumped 15 percent from the end of 2013, and that nine countries requested data for the first time.
Adobe released a new version of Reader and Acrobat, patching eight security vulnerabilities in the PDF reader. The patches were delayed a weeks because of issues during regression testing.
IBM reports a variant of the Citadel banking Trojan was spotted in APT-style targeted attacks against petrochemical companies in the Middle East.
SNMP-based DDoS attacks spoofing Google’s public recursive DNS server have been spotted by the SANS Internet Storm Center.