The Heartbleed OpenSSL vulnerability can be exploited over wireless networks, according to a researcher who released PoC code for attacks against wireless authentication programs hostapd and wpa_supplicant.
Browsing Category: Vulnerabilities
Apache recently patched denial of service and information disclosure vulnerabilities in its Tomcat web server.
San Diego State University has notified some of its current and former enrollees that some of their personal information may have been accessed by unauthorized users.
HackerOne, has scored a major coup in hiring Katie Moussouris, the driving force behind Microsoft’s bounty program, to oversee its policy and disclosure philosophy and work with customers on the intricacies of vulnerability disclosure.
Pinterest has become the latest major Web property to start a bug bounty program, joining the Bugcrowd platform and offering researchers rewards of up to…a shirt. The site, which enables users to post photos, recipes and other information, announced the new reward program Tuesday. Company officials said that Pinterest was looking for more people to[...]
UPDATE–The small, but growing, group of companies that supply so-called lawful intercept gear to intelligence agencies and law enforcement organizations around the world have operated mostly under the radar until very recently. Their products are used to record and scrutinize the communications of suspected criminals and terrorists, but now they’re finding that their products are[...]
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sendin specially crafted packets to the Web interface of a vulnerable device.[...]
Dennis Fisher and Mike Mimoso discuss the US indictments of Chinese army officers for hacking, the Blackshades malware arrests, the new IE 8 zero day and the US prospects in the World Cup.
There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments.
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[...]