Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-Ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to crash by sending specially crafted packets to the Web interface of a vulnerable device.[...]
Browsing Category: Vulnerabilities
Dennis Fisher and Mike Mimoso discuss the US indictments of Chinese army officers for hacking, the Blackshades malware arrests, the new IE 8 zero day and the US prospects in the World Cup.
There are two issues with the way Microsoft’s Outlook application encrypts content on older versions of Android that could expose users’ emails and email attachments.
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way that the browser handles CMarkup[...]
Adobe promises that its next Shockwave update will bring its bundled Flash Player patch levels up to date; in the meantime, Shockwave offers hackers a large attack surface to target.
Researchers at Cambridge University published a paper describing security vulnerabilities in the EMV chip-and-PIN protocol and implementation.
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP’s Zero[...]
Exploit vendor VUPEN disclosed details on a Firefox vulnerability it brought to this year’s Pwn2Own contest. The bug was patched in March, one week after the contest.
Google has fixed 23 security vulnerabilities in Chrome, including three high-risk flaws, and handed out $9,500 in rewards to researchers. Among the vulnerabilities that the company fixed in Chrome 35 are use-after-free flaws and an integer overflow, all of which are rated high. Google didn’t disclose the details of all of the various security vulnerabilities,[...]
Rapid7 today disclosed zero-day vulnerabilities in an enterprise-grade load balancer from Brocade and home DSL routers and cable modems that allow a hacker to steal authentication data from the SNMP community string.