CMS providers Joomla and WordPress have patched an arbitrary file download vulnerability in the HD FLV Player plug-in, but custom websites running the plug-in independently remain at risk.
Browsing Category: Vulnerabilities
A security researcher disclosed a problem with a loose cross-domain policy for Flash requests on Yahoo Mail that puts email content and contacts at risk.
For the second month in a row, Microsoft is recalling a security update published along with its monthly patch Tuesday release.
Experts at ICS-CERT say that the BlackEnergy malware that has been seen infecting human-machine interface systems may be exploiting a recently patched vulnerability in the Siemens SIMATIC WinCC software in order to compromise some systems.
Mozilla is planning to add support for Certificate Transparency checks in Firefox in the near future, but the company says that the feature won’t be turned on by default at first.
A class-action suit has been filed against Comcast for using customer routers as public Wi-Fi hotspots. Can attackers exploit router bugs to jump from public to private networks?
Some domain name server (DNS) implementations are at risk for denial-of-service attacks after a vulnerability was disclosed and patched in a few popular server packages, including BIND, PowerDNS and NLnetLabs.
The attackers behind the Red October APT campaign that was exposed nearly two years ago have resurfaced with a new campaign that is targeting some of the same victims and using similarly constructed tools and spear phishing emails.
Yahoo officials say that the company will disclose any new vulnerabilities that the company’s security team finds within 90 days of discovery.
Microsoft released seven security bulletins, three of them rated critical, as part of its December 2014 Patch Tuesday updates. It also re-released November updates for IE and SChannel