The OpenBSD project patched a vulnerability in the LibreSSL random number generator; both sides of the issue concede the test program used to trigger the flaw was either unusual or unrealistic.
Browsing Category: Vulnerabilities
Google is focusing some of the sharpest minds it has on a new security initiative known as Project Zero that will dig into the critical software that the Internet and its users depend upon and find new vulnerabilities.
Active for about five years, a campaign in which attackers have pilfered victims’ credentials from Google, Yahoo, Facebook, Dropbox and Skype, was recently revealed.
A group of outside experts found that the process that led to the inclusion of the weakened Dual EC_DRBG random number generator in a NIST standard was flawed and there were several failures along the way that led to its approval. The committee also recommended that the National Institute of Standards and Technology increase the number of[...]
Oracle is expected to release 113 patches across its product lines as part of its quarterly Critical Patch Updates.
LastPass, the popular password manager for most of the top Web browsers, has fixed a couple of vulnerabilities that could have allowed an attacker to target users and generate his own one-time passwords for the victim’s account. The company said that its security team hasn’t seen any active attacks exploiting these vulnerabilities and doesn’t think that[...]
Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week.
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.
Microsoft fixes 29 security vulnerabilities in Windows, Internet Explorer, and Server Software in its July 2014 Patch Tuesday release.