Secure smartphone manufacturer Blackphone announced today that it has launched a bug bounty program hosted on the Bugcrowd platform.
Digital thermostat maker Heatmiser is in the process of contacting its customers about a series of security issues that could open a Wi-Fi connected version of its product to takeover.
Details of a patched privacy vulnerability in MyFitnessPal, a popular fitness and nutrition mobile application, were disclosed this week, three months after a fix was deployed.
Research from the University of Maryland proposes new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management.
OWASP published the latest iteration of its Testing Guide, an informational manual designed to teach developers how to build and maintain secure applications.
The deadline for a syntax change for CVE identifiers is coming on Jan. 13, when the four-digit format will support five or more digits. Vendors must update vulnerability management products to support the new syntax.
Drupal released an update that patches a moderately critical cross-site scripting vulnerability in its Mollom content and spam moderation module.
UPDATE–There are several unpatched, remotely exploitable vulnerabilities in a number of Schneider Electric’s SCADA products, one of which could be used to perform a shutdown of the SCADA server. Another of the vulnerabilities is an authentication bypass that could give an attacker access to sensitive data. The vulnerabilities affect a variety of Schneider Electric StruxureWare[…]
Third-party payment vendor C&K Systems released details regarding a breach that affected its systems for 18 months and went on to affect customers who shopped at Goodwill.
FreeBSD patched a vulnerability in the way the OS handles TCP packet processing that could lead to a denial-of-service attack on a server.