A group of outside experts found that the process that led to the inclusion of the weakened Dual EC_DRBG random number generator in a NIST standard was flawed and there were several failures along the way that led to its approval. The committee also recommended that the National Institute of Standards and Technology increase the number of[...]
Browsing Category: Vulnerabilities
Oracle is expected to release 113 patches across its product lines as part of its quarterly Critical Patch Updates.
LastPass, the popular password manager for most of the top Web browsers, has fixed a couple of vulnerabilities that could have allowed an attacker to target users and generate his own one-time passwords for the victim’s account. The company said that its security team hasn’t seen any active attacks exploiting these vulnerabilities and doesn’t think that[...]
Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week.
Google has failed to implement certificate pinning in its official iOS Gmail application, which could enable Man-in-the-Middle attacks exposing encrypted user communications.
Yahoo recently fixed a trio of remotely exploitable vulnerabilities in its services that could have let attackers execute a handful of nefarious tricks.
Microsoft fixes 29 security vulnerabilities in Windows, Internet Explorer, and Server Software in its July 2014 Patch Tuesday release.
Adobe patched Flash Player today, adding validation checks to the software so that it rejects malicious content from vulnerable JSONP callback APIs.
A vulnerability in Netgear-branded ethernet switches could give an attacker full access to the hardware.
The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a root user.