Mozilla Developer Network members are advised to change their passwords after an accidental password dump to a public server was discovered.
Browsing Category: Vulnerabilities
A hole has been fixed in an industrial control system data management server that if left unpatched could result in a remotely exploitable DoS condition.
A new breed of point-of-sale malware has been found in several recent attacks, and experts say that the tool, known as Backoff, has extensive data stealing and exfiltration capabilities, including keylogging, memory scraping and injection into running processes.
Microsoft announced that the latest version of its Enhanced Mitigation Experience Toolkit, EMET 5.0, was released to general availability today.
A talk at Black Hat will expose security weaknesses introduced by multipath TCP, extensions to TCP that bring resilience and efficiency to networking.
The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks. The vulnerability is an information disclosure bug in the Innominate mGuard product, which is meant to connect operators to[...]
Tor is warning users of its hidden services to upgrade relays after attackers were discovered on the network trying to deanonymize users.
Facebook has fixed a vulnerability in its Android app could allow an attacker to cause a denial-of-service condition on a device or run up the victim’s mobile bill by transferring large amounts of data to and from the device. The flaw lies in the way that the Facebook app handles HTTP requests. The app include an HTTP server[...]
The informational systems that the National Oceanic and Atmospheric Administration (NOAA) runs are fraught with vulnerabilities and what the U.S. Department of Commerce deem “significant security deficiencies.”
Georgia Tech Research Institute has released an open source threat intelligence gathering tool called BlackForest that automates attack-data mining.