Dennis Fisher and Mike Mimoso discuss the changes in the year since the first stories broke regarding Edward Snowden and the NSA and the new OpenSSL vulnerability.
Browsing Category: Vulnerabilities
Noted researcher Dan Farmer published a paper on the depth and breadth of IPMI vulnerabilities in server Baseboard Management Controllers, and the news isn’t good.
Linksys router contains an authentication bypass vulnerability that could give an attacker full administrative privileges on affected devices.
There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers.
A SCADA vulnerability could trigger a denial of service condition and go on to compromise the software’s communication connections, resulting in system instability is left unpatched.
A popular WordPress plugin could leave potentially millions of websites vulnerable if left unpatched.
Open source cryptographic library GnuTLS recently patched a remote code execution and denial of service vulnerability.
Malware capable of infecting point-of-sale devices once was a novelty, but it’s quickly becoming more common. Researchers at Arbor Networks have unearthed a new strain of PoS malware called Soraya that can scrape memory and has the ability to intercept information sent from Web forms, a specialty of the Zeus malware family. Soraya also has[...]
The Heartbleed OpenSSL vulnerability can be exploited over wireless networks, according to a researcher who released PoC code for attacks against wireless authentication programs hostapd and wpa_supplicant.
Apache recently patched denial of service and information disclosure vulnerabilities in its Tomcat web server.